May 17, 2012

Short note about password recovery in Ubuntu.

I know that there are a lot of ways and posts about password recovery. But I'd like to write it down as a small instruction for myself. It is also one of the ways to enable the root account in Ubuntu. I'm not going to discuss whether it is right or not. Every user can answer this question for himself.
Let's start. We need a LiveCD with Ubuntu.
Step 1. Boot from the LiveCD. Open a terminal.
Step 2. Type
sudo fdisk -l
We will see the partitions and hard disk names. Remember the name of the partition where Linux is installed. We will need it later.
Step 3. Then mount the remembered partition (replace /dev/sdXN with the partition name from Step 2) using:
sudo mkdir /media/linux
sudo mount /dev/sdXN /media/linux
Step 4. Then we should change root to the mounted partition
sudo chroot /media/linux
Step 5. Finally use "passwd" to change the password of any user or root.
Step 6. Reboot and use.
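
What Step 5 changes on disk can be checked afterwards in /etc/shadow: the password field and the last-change day of the account. The Python sketch below is an added example, not part of the original post; the sample entries, the placeholder hash strings and the function names are all constructed for illustration.

```python
from datetime import date, timedelta

# Constructed /etc/shadow entries; the hash strings are fake placeholders.
SAMPLE_SHADOW = """\
root:$6$FAKESALT$FAKEHASHROOT:15477:0:99999:7:::
daemon:*:15453:0:99999:7:::
drchi:$6$FAKESALT$FAKEHASHUSER:15400:0:99999:7:::
backup:!:15453:0:99999:7:::
guest::15453:0:99999:7:::
"""

def password_state(field):
    """Classify the second shadow field."""
    if field == "":
        return "empty"    # no password is required for this account
    if field[0] in "!*":
        return "locked"   # no typed password can ever match
    return "set"          # a password hash is present

def parse_shadow(text):
    """Yield (user, state, last_change) for each well-formed entry."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 3 or line.startswith("#"):
            continue
        # Field 3 counts days since 1970-01-01 at the last password change.
        days = fields[2]
        changed = date(1970, 1, 1) + timedelta(days=int(days)) if days.isdigit() else None
        yield fields[0], password_state(fields[1]), changed

def audit(text, since):
    """List accounts that can log in with a password (or none at all),
    marking those whose password changed on or after `since`."""
    report = []
    for user, state, changed in parse_shadow(text):
        if state != "locked":
            report.append((user, state, changed, changed is not None and changed >= since))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_SHADOW, since=date(2012, 5, 17)):
        print(row)
```

On a real system the same functions can be run as root over the contents of /etc/shadow; a `set` state for root, or a change date nobody can account for, is worth investigating.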

My next posts will be about a FreeBSD gateway with NAT, firewall, squid and some other services in a network with Active Directory.

May 14, 2012

Ubuntu 12.04 LTS joining Active Directory.

After joining OpenSuse I was ready for Ubuntu. I thought that it would be rather similar to OpenSuse. But I was very happy, because it was much easier for Ubuntu. Watch my steps:
Step 1. I changed my /etc/nsswitch.conf. I deleted the value in the hosts line and changed it to dns. It looked like:
hosts:            dns
Step 2. Then I installed likewise-open and likewise-open-gui via Synaptic. It was very convenient.
Step 3. Finally, I started the installed GUI program called AD Membership. I entered the computer name and domain and clicked "Join". The admin login and password finished the domain join.
Step 4. I rebooted my computer and couldn't find a way to log in manually. Only my account and guest were offered. After some time I found a way to overcome this problem. I added this line to /etc/lightdm/lightdm.conf:
greeter-show-manual-login=true 
I rebooted the computer and logged in as an Active Directory user.

In addition I would like to say that it is obvious that joining AD with Ubuntu was rather easier than the same operation with OpenSuse. But thanks to OpenSuse I read about Kerberos, samba and some basic network things.
The next post will be devoted to changing the Ubuntu password or how to activate the root account. I know that there are a lot of manuals, but it will be useful for me as a reminder.

OpenSuse 12.01 & Ubuntu 12.04 LTS join Active Directory.

During my work it became necessary to install Linux on the desktops of several users. One of them wanted OpenSuse 12.01, another was a fan of Ubuntu. The latest long-term support Ubuntu is 12.04. It is not so stable right now, but I think it will be better in the future. Well, first of all, I started with OpenSuse 12.01.
I didn't have enough time, that's why I tried to install everything from the GUI.
Step 1. I installed necessary packages: krb5-client, samba-client, samba, samba-winbind, pam-krb5.
Step 2. Then I edited /etc/hosts. There I added a line with the IP address and the domain. For example,
192.168.0.1 DOMAIN.LOCAL
Step 3. I synced the time between the workstation and the PDC. I did it by hand, because seconds didn't matter.
Step 4. I made some changes in the config files.
   A) My krb5.conf looked like:
[libdefaults]
   default_realm = DOMAIN.LOCAL
   renew_lifetime = 24h
   ticket_lifetime = 24h
[realms]
   DOMAIN.LOCAL = {
      kdc = 192.168.0.1
      admin_server = 192.168.0.1
      default_domain = domain.local
   }
[domain_realm]
   .domain.local = DOMAIN.LOCAL
   domain.local = DOMAIN.LOCAL
[logging]
   kdc = FILE:/var/log/krb/krb5kdc.log
   admin_server = FILE:/var/log/krb/kadmin.log
   default = FILE:/var/log/krb/krb5lib.log
B) Then I changed smb.conf

[global]
workgroup               = DOMAIN
security                = ADS
password server         = 192.168.0.1
realm                   = DOMAIN.LOCAL
netbios name            = deep
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
I know that there are over 9000 different ways to change configs, but this was my shortest way to join the domain without hours of googling and reading tons of manuals. But without any doubt I'm going to learn more about samba and Kerberos.
Step 5. After all that I was ready to try getting a Kerberos ticket. I typed klist and ooops:
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1000)
Well, often we can solve this problem with a command such as:

kinit aduser
where aduser is one of the domain users.
Then I tried again and successfully got the ticket.

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: drchi@DOMAIN.LOCAL
Valid starting     Expires            Service principal
05/05/12 11:16:21  05/06/12 22:10:23  krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
   renew until 05/06/12 11:16:21
Kerberos 4 ticket cache: /tmp/tkt0 

Step 6. I was ready to make an attempt to join Active Directory. I typed this command:
net join -S 192.168.0.1 -W DOMAIN -U drchi
Then I entered drchi's password. But I got an error:
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database
I was very disappointed. Finally I googled this interesting solution. First I left the domain:
net ads leave -U <username>
After leaving I tried again and got it.
net ads join -U <username>

Step 7. I rebooted my computer and got an error that "Suse Theme doesn't supported winbind/samba login". The solution was found in a forum; it was known issue # 721782. In /etc/sysconfig/displaymanager I changed the parameter DISPLAYMANAGER_KDM_THEME to an empty string.
Another reboot and I joined my Active Directory.
The continuation about Ubuntu will be in my next post.
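
An option name in krb5.conf that the Kerberos library does not recognise is simply never read, so a typo in a file like the one in Step 4 A) produces no error and the setting silently keeps its default. The Python check below is an added example, not code from the original post: the functions `parse` and `lint`, the `KNOWN` table (limited to the option names this page uses) and the sample file with its two deliberate typos are constructed for illustration.

```python
import re
# Constructed sample modelled on Step 4 A), with two deliberate typos.
SAMPLE = """\
[libdefaults]
   default_realm = DOMAIN.LOCAL
   ticket_licfetime = 24h
[realms]
   DOMAIN.LOCAL = {
      kdc = 192.168.0.1
      admin_server = 192.168.0.1
   }
[domain_realm]
   .domain.local = DOMAIN.LOCAL
   domain.local = DOMAIN.LCOAL
"""
# Option names used on this page only; an assumption, not the full krb5.conf list.
KNOWN = {"libdefaults": {"default_realm", "renew_lifetime", "ticket_lifetime"},
         "realms": {"kdc", "admin_server", "default_domain"}}

def parse(text):
    """Return {section: {key: value or {key: value}}} for a simple krb5.conf."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        head = re.fullmatch(r"\[(\w+)\]", line)
        if head:
            section, block = conf.setdefault(head.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None and line[0] not in "#;":
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})   # start of a realm block
            else:
                (section if block is None else block)[key] = value
    return conf

def lint(conf):
    """Return findings: unknown option names and references to undefined realms."""
    realms, defaults = conf.get("realms", {}), conf.get("libdefaults", {})
    out = [f"libdefaults: unknown option {k!r}" for k in defaults if k not in KNOWN["libdefaults"]]
    if defaults.get("default_realm") not in realms:
        out.append("default_realm has no [realms] entry")
    for name, opts in realms.items():
        out += [f"{name}: unknown option {k!r}" for k in opts if k not in KNOWN["realms"]]
    for host, realm in conf.get("domain_realm", {}).items():
        if realm not in realms:
            out.append(f"domain_realm: {host} maps to undefined realm {realm!r}")
    return out

if __name__ == "__main__":
    print("\n".join(lint(parse(SAMPLE))))
```

Extend `KNOWN` with the options from the krb5.conf manual page of the installed Kerberos version before using it on other files, otherwise valid options will be reported as unknown.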