Slackware
This Forum is for the discussion of Slackware Linux.
Did you download everything? You need more than just the SlackBuild file, you need all the folders and files in that directory with it. If you have, can you provide us a copy/paste of the errors?
No, I did not download everything. How do I do that? Do I have to snag each file, one-by-one, in each folder of the hierarchy? Or is the sync-SlackMATE.sh mentioned by kjhambrick the way to do that?
kjhambrick: I really appreciate the extensive detail you wrote. I'll see if I can work through your explanation. Is that sync-SlackMATE.sh script mentioned somewhere in the ivandi hierarchy and I just missed it?
-- what I started doing was downloading each of the "short list" source tarballs and building them in turn using the ./configure options listed in ivandi's e.g. krb5.SlackBuild script. Since I'm partway through that procedure I might work it to the end and see if I end up with anything.
I haven't looked through the sync script, so I'm not positive what it does. Usually, when I need to download source from a Slackware mirror (to rebuild/test a package), I'll just use wget. There are probably easier ways out there (maybe that sync script), but this works for me.
If you're curious what all the options do, read on. The -r is for recursive, so it will grab all the files and folders. The -nH prevents it from using the hostname (bisdesign.ca) as the main folder name. The --no-parent ensures it won't go into the parent directories while retrieving recursively. The reject prevents it from polluting your folder with a ton of html files. Finally, the --cut-dirs prevents it from creating the various folders above what you're trying to grab (ivandi and slackware) so it will just leave a SlackMATE folder.
No, I did not download everything. How do I do that? Do I have to snag each file, one-by-one, in each folder of the hierarchy? Or is the sync-SlackMATE.sh mentioned by kjhambrick the way to do that?
kjhambrick: I really appreciate the extensive detail you wrote. I'll see if I can work through your explanation. Is that sync-SlackMATE.sh script mentioned somewhere in the ivandi hierarchy and I just missed it?
mfoley --
I ( ? we ? ) don't need everything but we do need some stuff besides the SlackBuild Directories for the Packages.
And yes, the sync-SlackMATE.sh script was linked in the previous TL;DNR Post
By default, it downloads EVERYTHING, including all the Source Code Tar Files.
I don't need ALL the Source, so that's why I suggested modifying sync-SlackMATE.sh to NOT download ANY of ivandi's Source Code ( just the SlackMATE SlackBuild Structure ).
Then in the second script, I only downloaded the Source TarBalls that I actually wanted from ivandi's SlackMATE Tree.
I noticed last night that ivandi's SlackBuilds also apply Patch Files so I probably want HIS Source Files for ALL the Packages I build ( I tried to use Slackware Source where I could ).
The Patches SHOULD work if his Source Code matches the Official Slackware Source.
And the Patches MAY work, even if ivandi's Version is different than the Slackware Version.
But then again, if the individual Patch File Targets differ, the Patches will probably fail.
I want to try this out on another Machine and I won't be able to do that for a few days ...
And I also want to modify the setup-ivandiPAM.sh script ... I want to remove the Here-Document List of Packages and put them in an external plain-ole-text file.
Then I can process the same file to Download ivandi's Source TarBalls AND to set up the SlackBuild Subset Directory ( ivandiPAM/ ),
It's on my 'round tuit' list ...
Quote:
-- what I started doing was downloading each of the "short list" source tarballs and building them in turn using the ./configure options listed in ivandi's e.g. krb5.SlackBuild script. Since I'm partway through that procedure I might work it to the end and see if I end up with anything.
Ivandi's ${Package}.SlackBuilds optionally apply Patches and then they also set specific --configure options ( in the ${Package}.SlackBuild ) AS WELL AS generic --configure options in the _configure( ) function in SlackMATE/build_functions/build_functions.sh ...
As long as you apply any Patches and then use both sets of ivandi's --configure options, you should be able to make the configured source.
In addition, one VERY clever thing ivandi does with the CHROOT that tripped you up early-on ... His SlackBuilds will allow you to build ALL the Packages before installing ANY of them.
This is because the temporary SlackBuild INSTALL Directories are CHROOTed so that the prerequisites will be there for the subsequent builds without actually installing the Software on the running System ( at least that's what I interpreted from reviewing his SlackBuild System ( see function mount_chroot( ) in SlackMATE.SlackBuild ) ).
VERY ingenious !
This is one reason I wanted to try to 'slice out' a subset of his SlackMATE SlackBuilds and use those rather than trying to do it by hand.
The other reason is if I can come up with a set of Slackware Packages, I'll be able to reproduce the System by simply running `installpkg` on the Package Set created elsewhere.
OTOH and I am sure you know this, if you ( configure ; make ; ) you will also have to ( make install ; ) so that the subsequent make targets can find the dependencies you built in the preceding steps.
You will also have to repeat the process on each Slackware Machine that you want to PAMify ...
His SlackBuilds will allow you to build ALL the Packages before installing ANY of them.
This is because the temporary SlackBuild INSTALL Directories are CHROOTed so that the prerequisites will be there for the subsequent builds without actually installing the Software on the running System ( at least that's what I interpreted from reviewing his SlackBuild System ( see function mount_chroot( ) in SlackMATE.SlackBuild ) ).
NO, this only creates a read-only chroot to build the package. It is then installed on the system. What you are talking about is doable using overlayfs, but I don't need it. I just want to be sure the slackbuild does not make some unwanted modifications.
I'm making some progress. If you get bored with my narrative, at least skip to the bottom for my question. I did find the sync-SlackMATE.sh download script in the top-level SlackMATE directory, albeit it is not mentioned in the _README file. I guess SlackBuild gurus just know what to look for, eh?
My download resulted in a bit more than you (kjhambrick) had:
whereas you had the same number of directories, but 950 files and 5940586 bytes. Either you did your download long ago or Ivandi very recently added a lot to his repository.
I built/installed Kerberos first, ran rc.kdadmind without problem, but rc.kbr5kdc gave me:
Code:
$ /etc/rc.d/rc.kbr5kdc start
Starting krb5kdc: /usr/local/sbin/krb5kdc
krb5kdc: cannot initialize realm HPRS - see log file for details
#/var/log/syslog:
Sep 16 15:56:09 labrat krb5kdc[11223]: Cannot open DB2 database '/usr/local/var/krb5kdc/principal': No such file or directory - while initializing database for realm HPRS
I found this on the web:
Code:
$ kdb5_util create -s -r HPRS
after which I was able to run rc.kbr5kdc. I've no idea if this was the right thing to do, or how to test krb5 at this point to see if it all installed correctly.
Next I built/installed Linux-PAM. It passed the `make check`.
Next I built/installed shadow. Some things I did differently:
o I did not use Ivandi's /etc/default/useradd as they diff'd identically.
o I kept Ivandi's /bin/group instead of removing his version and keeping the as-shipped version. They both returned the same results. If I have a problem, I'll restore the backed up original.
o I did not install Ivandi's "friendly" adduser script as it is identical with the as-shipped version. His is dated to 2012, so perhaps in the meantime Slackware has updated the official one to be identical to Ivandi's.
o Of possible concern, the `find $PKG -type f -perm 47551` found no files with permission 47551. Hmmm, in examining the difference between these permissions and his new permissions of 4711 I find that the only difference is 4711 removes the group and other read permission. Hopefully that's not to worry about.
SO - before pushing on to build samba and ssh, I'd like to test something; you know, keep variables to a minimum. Is there something I can test at this point? I'm reluctant to even reboot for fear that elements are not in place!
Maybe the command `find $PKG -type f -perm 47551` didn't return anything because you meant to say: `find $PKG -type f -perm 4755` ?
Remark 2:
I do have a fresh download from ivandi's site. I believe the difference is because as I said in the previous posts, I modified sync-SlackMATE.sh so that it DID NOT download ANY Source TarBalls.
I set up a secondary script to download only the source TarBalls that I needed and still another script to SymLink the TarBalls that I did download into the proper SlackBuild Directories.
No worries, but if you care, you could test my guess like this
Code:
#
# NOTE: change /path/to/SlackMATE to match YOUR /path/to/SlackMATE
#
# 1. the find command lists Source TarBall Files under your SlackMATE Directory
# 2. the stat command lists Sizes and FileNames of each 'found' file in #1
# 3. the gawk command prettifies the output and prints a Total at the end.
#
# the output is more-or-less the same as du -b -t List-Of-TarBall-Files ( if I could feed it the `find` listing :) )
#
stat -c "%s %n" $(find /path/to/SlackMATE -type f \( -iname "*.t?z" -o -iname "*.tar.?z" -o -iname "*.tar.bz2" \)) | \
gawk 'BEGIN{ N = T = 0 }{ printf( " %10s %s\n", $1, $2 ) ; N ++ ; T += $1 }END{ printf("# %10d %s\n", T, " Total Size of " N " Files" )}'
You'll ( probably ) see a long list of File Sizes and TarBall FileNames and then at the end, a Total Size line with a Count of Files found.
The Total Size and the Count of Files should account for the diffs between yours and mine.
No worries.
As for Testing ... I can think of two tests you might try to test krb5 + Linux-PAM + shadow+PAM:
Test 1: ( you've probably already done this )
Once you've installed the krb5 configs, you should be able to join the domain. From ivandi's README:
Code:
net ads join -U administrator
Once you've joined the domain,
Code:
net ads testjoin
Join is OK
You may also be able to see your krb5 ticket:
Code:
klist
Test 2:
Without installing the pamified SAMBA, ( samba+PAM ) you'll not yet be able to log in as an AD domain user ( at all ).
You'll only be able to log in and authenticate via PAM as a local user ( hopefully so )
However, you might see pam_unix messages for local login events in one of the System Logs because you HAVE installed shadow+PAM.
My unaltered Slackware box logs logins in /var/log/messages/ ( CentOS logs logins in /var/log/secure/ )
I don't recall whether or not this changed on Slackware with the shadow+PAM Package ... you'll want to look at /var/log/messages and /var/log/secure to 'find' any messages from pam_unix.
In addition, I don't yet have an AD DC set up yet ( which is the main reason I have to defer my testing -- I've got to set up a samba4 Box on the LAN as an AD DC and add a User or two ).
Therefore, I can only test local logins.
And you've not yet installed the samba+PAM so you too can only test local logins.
I have a ( pam-enabled ) CentOS Box called 'broke' where I see login events in /var/log/secure ...
I logged into broke as root, started: tail -f /var/log/secure ( I believe that you MAY have to start: tail -f /var/log/messages )
From another terminal, I logged into broke as myself.
This is what I see in /var/log/secure on the CentOS Box ( broke ):
The "#" lines are annotations.
Code:
#
# logged into broke via ssh as LOCAL USER konrad
#
# you've not yet installed samba+PAM and openssh+PAM so you'll not see the sshd pam_unix events yet, only 'the usual' events in /var/log/messages ...
#
Sep 17 03:14:18 broke sshd[29683]: Accepted publickey for konrad from 192.168.0.6 port 47366 ssh2
Sep 17 03:14:18 broke sshd[29683]: pam_unix(sshd:session): session opened for user konrad by (uid=0)
#
# while logged in as konrad, I typed: su -
# to log in as root, then logged off.
#
# you SHOULD see something like this because you have installed shadow+PAM
#
Sep 17 03:14:38 broke su: pam_unix(su-l:session): session opened for user root by konrad(uid=503)
Sep 17 03:14:42 broke su: pam_unix(su-l:session): session closed for user root
#
# while logged in as konrad ; typed ssh -l konrad localhost
# then logged off
#
# again, you won't see these messages until you've got samba+PAM and openssh+PAM ...
#
Sep 17 03:15:17 broke sshd[29766]: Accepted password for root from ::1 port 37514 ssh2
Sep 17 03:15:17 broke sshd[29766]: pam_unix(sshd:session): session opened for user root by (uid=0)
Sep 17 03:15:25 broke sshd[29766]: Received disconnect from ::1: 11: disconnected by user
Sep 17 03:15:25 broke sshd[29766]: pam_unix(sshd:session): session closed for user root
Once you've installed ivandi's samba+PAM ( and configs ) and openssh+PAM ( and configs ), you should also see the sshd events in Test 2.
And you should be able to test with an AD User too.
After installing samba+PAM and the configs and after you restart the smb daemon and the winbind daemon, you should be able to do these tests:
Test 3:
Code:
#
# list AD users ( note the formatting ( DOMAIN\User -or- DOMAIN/User -or- DOMAIN+User -or- User )) :
#
wbinfo -u
#
# list AD groups ( again, note the formatting )
#
wbinfo -g
#
# run id against local users as well as AD users
#
id root # check a local user
id DOMAIN\\ADUser # check an AD User ( you may have to type: id DOMAIN/ADUser ... or even: id DOMAIN+ADUser, depending on smb.conf )
#
# NOTE 1: if you modify your smb.conf with:
#
winbind separator = +
#
# then this form should work:
#
id DOMAIN+ADUser
#
# NOTE 2: if you modify your smb.conf with:
#
winbind use default domain = true
#
# then you can simply type:
#
id ADUser
Finally, after openssh+PAM is installed, you should be able to ssh in as an AD user and you should be able to repeat ALL OF Test 2 with an AD User
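For Test 2 above, a way to pull only the pam_unix session events out of /var/log/messages or /var/log/secure and see which sessions were opened but never closed. This is an added example, not part of the original post or of ivandi's scripts; the function names are made up here and the sample input is the log excerpt quoted in the post.

```shell
#!/bin/sh
# Added example: pull pam_unix session events out of syslog-style files.

# pam_session_events [FILE...]   (reads stdin when no file is given)
# Prints one line per event: "<service> <user> <opened|closed>"
pam_session_events() {
    awk '
    /pam_unix\([^)]*:session\): session (opened|closed) for user / {
        # Service name sits between "pam_unix(" and ":session)".
        match($0, /pam_unix\([^:)]*/)
        svc = substr($0, RSTART + 9, RLENGTH - 9)
        # "session <action> for user <name>" gives action and user.
        match($0, /session (opened|closed) for user [^ ]+/)
        split(substr($0, RSTART, RLENGTH), w, " ")
        print svc, w[5], w[2]
    }' "$@"
}

# pam_unbalanced [FILE...]
# Prints "<service> <user> <n>" where opens and closes do not cancel out:
# n > 0 means a session is still open (or its close was not logged).
pam_unbalanced() {
    pam_session_events "$@" | awk '
    { key = $1 " " $2; n[key] += ($3 == "opened") ? 1 : -1 }
    END { for (k in n) if (n[k] != 0) print k, n[k] }' | sort
}

# Sample input: the log lines quoted in the post above.
sample_log() {
    cat <<'EOF'
Sep 17 03:14:18 broke sshd[29683]: Accepted publickey for konrad from 192.168.0.6 port 47366 ssh2
Sep 17 03:14:18 broke sshd[29683]: pam_unix(sshd:session): session opened for user konrad by (uid=0)
Sep 17 03:14:38 broke su: pam_unix(su-l:session): session opened for user root by konrad(uid=503)
Sep 17 03:14:42 broke su: pam_unix(su-l:session): session closed for user root
Sep 17 03:15:17 broke sshd[29766]: Accepted password for root from ::1 port 37514 ssh2
Sep 17 03:15:17 broke sshd[29766]: pam_unix(sshd:session): session opened for user root by (uid=0)
Sep 17 03:15:25 broke sshd[29766]: Received disconnect from ::1: 11: disconnected by user
Sep 17 03:15:25 broke sshd[29766]: pam_unix(sshd:session): session closed for user root
EOF
}

# Real use: pam_session_events /var/log/messages /var/log/secure
sample_log | pam_session_events
echo "--- unbalanced:"
sample_log | pam_unbalanced
```

If the su-l lines show up after installing shadow+PAM but no sshd lines do, that matches what the post predicts before openssh+PAM is installed.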
If you're curious what all the options do, read on. The -r is for recursive, so it will grab all the files and folders. The -nH prevents it from using the hostname (bisdesign.ca) as the main folder name. The --no-parent ensures it won't go into the parent directories while retrieving recursively. The reject prevents it from polluting your folder with a ton of html files. Finally, the --cut-dirs prevents it from creating the various folders above what you're trying to grab (ivandi and slackware) so it will just leave a SlackMATE folder.
Thanks for the wget commandline bassmadrigal !
I usually forget the --reject="index.htm*" which makes a mess in my Downloaded Tree
And the -nH + --cut-dirs=? options often trip me up.
I never recall how to count cut-dirs for wget without running `man wget` and even then I have to sometimes run a wget 'do-over' to get cut-dirs right
Maybe the command `find $PKG -type f -perm 47551` didn't return anything because you meant to say: `find $PKG -type f -perm 4755` ?
Correct. Typo when posting to LQ. Nevertheless, no files having 4755.
Quote:
Remark 2:
I do have a fresh download from ivandi's site. I believe the difference is because as I said in the previous posts, I modified sync-SlackMATE.sh so that it DID NOT download ANY Source TarBalls.
OK - I guess I didn't realize you had already done that. No worries. Just an observation. It was way more work for me to try and figure out that exclusion stuff than to download everything and just use the tarballs I wanted.
Quote:
As for Testing ... I can think of two tests you might try to test krb5 + Linux-PAM + shadow+PAM:
Test 1: ( you've probably already done this )
Once you've installed the krb5 configs, you should be able to join the domain. From ivandi's README:
Code:
net ads join -U administrator
Once you've joined the domain,
Code:
net ads testjoin
Join is OK
I was able to join the domain and I was able to do the `net ads testjoin`. Of course, I was able to do these things after simply adding kbr5 to the vanilla, as-shipped Slackware.
Quote:
You may also be able to see your krb5 ticket:
Code:
klist
Here, things are not going so well. `klist` gives me:
Code:
$ klist
klist: No credentials cache found (filename: /tmp/krb5cc_0)
I suspect my kerberos did not build or install properly. As mentioned in my post #39, I had to run `kdb5_util create` to get kbr5kdc to run. However, after looking into that more, kbr5kdc is described as the "Kerberos version 5 Authentication Service and Key Distribution Center". That, and the "dc" suffix on the kbr5kdc imply that this daemon should run on the AD/DC, not the domain member -- just a guess. My /etc/krb5/conf is:
$ wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users
This also previously worked with the vanilla Slackware. (yes, winbindd is running)
I did build and install samba. Everything seemed to work OK, except right at the beginning the patch failed:
Code:
$ patch -p1 -i ../patches/samba.install.talloc.tevent.tdb.diff
patching file 2
Hunk #1 FAILED at 92.
patch: **** Can't reopen file 2 : No such file or directory
I assume this is because there is no ./lib/tevent/wscript.orig file -- but I know NOTHING about patch.
I have not built/installed ssh yet.
I can still ssh into this system from outside as a normal user, but once there I can no longer `su` or `login` as any user, local or domain (e.g. "mark"):
Code:
$ login mark
login: Cannot possibly work without effective root
$ su -
su: Permission denied
$ login
login: Cannot possibly work without effective root
$ login root
login: Cannot possibly work without effective root
$ login mark
login: Cannot possibly work without effective root
$ su - mark
No passwd entry for user 'mark'
Keep in mind that I have been running a Slackware AD/DC for nearly 2 years and did have this domain member SSO stuff working in Ubuntu, so it must be a simple (or complex!) matter of configuring things properly -- perhaps starting with kerberos.
I will research these problems, but all assistance is greatly appreciated!!!
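On the `find $PKG -type f -perm 4755` check discussed in this thread: a mode given without a prefix matches only files whose permission bits are exactly that value, so it prints nothing when the setuid files are already 4711 or anything else, while `-perm -4000` lists every setuid file whatever its other bits. The following is an added example, not code from any poster or from ivandi's SlackBuilds; the function names, file names and modes in the demo tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit setuid files in a package staging tree such as $PKG.

# list_setuid DIR
# Prints "<octal-mode> <path>" for every setuid regular file under DIR.
list_setuid() {
    find "$1" -type f -perm -4000 -exec stat -c '%a %n' {} + | sort -k2
}

# setuid_readable DIR
# Prints setuid files that group or other can still read (4755-style),
# i.e. the ones a "chmod 4711" as mentioned in the thread would change.
setuid_readable() {
    find "$1" -type f -perm -4000 \( -perm -040 -o -perm -004 \) | sort
}

# make_demo_pkg
# Builds a throwaway tree standing in for $PKG and prints its path.
# File names and modes are constructed, not taken from the shadow package.
make_demo_pkg() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/usr/bin"
    for f in bin/su bin/login usr/bin/passwd usr/bin/chage; do
        : > "$d/$f"
    done
    chmod 4755 "$d/bin/su"          # setuid, world-readable
    chmod 4711 "$d/usr/bin/passwd"  # setuid, execute-only for group/other
    chmod 4511 "$d/usr/bin/chage"   # setuid, owner cannot write
    chmod 0755 "$d/bin/login"       # not setuid
    echo "$d"
}

demo=$(make_demo_pkg)
echo "exact match, -perm 4755:"
find "$demo" -type f -perm 4755
echo "every setuid file, -perm -4000:"
list_setuid "$demo"
echo "setuid and readable by group or other:"
setuid_readable "$demo"
rm -rf "$demo"
```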