puppet-rna

A module to manage Arch Linux settings, specifically for VMs and hypervisors, and a bit more. This is part of an exam for the distributed systems module of the bachelor's degree.


Development

You can install all needed gems for testing with:

bundle install --path .vendor/ --without system_tests --without development --without release; bundle update; bundle clean

And execute tests:

bundle exec rake test

Troubleshooting

Samba can't update DNS entries

Check that you use the correct resolver IP address. On the Samba server, /etc/resolv.conf should contain nameserver 127.0.0.1

Debug authentication

You can use the following command to check if a user/password is valid:

smbclient //localhost/netlogon -UAdministrator -c 'ls'

and the output should look like this:

Enter AD\Administrator's password:
  .                                   D        0  Tue Apr  3 14:49:13 2018
  ..                                  D        0  Tue Apr  3 14:49:16 2018

    51340768 blocks of size 1024. 45363928 blocks available

Debug kerberos

You should be able to get a ticket with this command:

kinit administrator

You may get the error:

kinit: Client '[email protected]' not found in Kerberos database while getting initial credentials

This means that something is wrong in your local kinit config. You can set the realm by hand:

# kinit [email protected]
Password for [email protected]:
Warning: Your password will expire in 41 days on Tue 15 May 2018 05:28:06 PM UTC

Please keep in mind that the realm needs to be in uppercase.

You can list all tickets with klist:

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting       Expires              Service principal
04/03/2018 17:54:32  04/04/2018 03:54:32  krbtgt/[email protected]
  renew until 04/04/2018 17:54:21
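
The resolver and realm checks from the troubleshooting notes above, as an added shell example that is not part of this module. It assumes the "local kinit config" is a krb5.conf-style file with a default_realm entry under [libdefaults]; the function names are hypothetical, and reporting 127.0.0.1 as "not-first" is a stricter reading than the README's "should contain", since resolvers are tried in the order listed.

```shell
#!/usr/bin/env bash
# Added example: offline checks for the resolver and realm problems above.
# Paths are arguments so the functions can run against copies of the files.

# Where does 127.0.0.1 appear among the nameserver lines?
# Prints ok (listed first), not-first, or missing.
resolver_status() {
  awk '$1 == "nameserver" {
         n++
         if ($2 == "127.0.0.1") { print (n == 1 ? "ok" : "not-first"); found = 1; exit }
       }
       END { if (!found) print "missing" }' "$1"
}

# Print default_realm from the [libdefaults] section of a krb5.conf-style file
# (assumed config location; the README does not name the file).
default_realm() {
  awk '/^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
       in_lib && /^[ \t]*default_realm[ \t]*=/ {
         sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
       }' "$1"
}

# Upper-case a string without relying on bash-only expansions.
upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# Prints missing, not-uppercase, or ok for the configured default realm.
realm_status() {
  realm=$(default_realm "$1")
  if [ -z "$realm" ]; then echo missing
  elif [ "$realm" != "$(upper "$realm")" ]; then echo not-uppercase
  else echo ok
  fi
}

# Principal to pass to kinit by hand, with the realm forced to uppercase.
kinit_principal() { printf '%s@%s\n' "$1" "$(upper "$2")"; }
```

Run resolver_status /etc/resolv.conf on the Samba server and realm_status /etc/krb5.conf on the client where kinit fails.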

Naming convention

This module assumes a few things:

  • Samba Active Directory servers need to contain samba in their FQDN. The tested operating system is Arch Linux
  • The Puppetserver needs to contain puppet in its FQDN. The tested operating system is CentOS 7

Further documentation

  • The Samba people have some docs about joining a domain
  • Also about setting up the domain controller
  • Docs about the different functional levels that Windows and Samba support
  • There is also a PDF with the requirements that we needed to fulfill
  • Information about Kerberos domain realms
  • Information about firewalling for Samba 1, 2
  • Check if a Windows system is a domain member / if the user is local or not 1