Adding machines to my domain (== pain)
We had a power outage this afternoon. Result was everything rebooting. I feel so bad for my machines when they flicker. Like a million hard drives crying out in pain…
Anyway, when I came back up, the first thing I did was try and log in on my new RH9 box. No go. I figured something on verin (the PDC/KDC/LDAP box) didn’t come back up, but it looked OK. Then I found some message about “too much clock skew” in verin’s logs. Nice of that message to appear in morgase’s (the machine I was trying to log in on) logs. That’s because when morgase booted, verin’s ntpd hadn’t gotten a good “fix” on the time (I think that’s what’s happening?) and so wouldn’t allow morgase to sync off of it. service ntp restart, try and log in again.
This time I get, “your password has expired.” Neat! It’s telling me this in GDM and letting me change it. I give my old password. I give my new password. I retype my new password. There is a pause. “Authentication failed.” WTF? Check some logs, find the password was changed, but apparently GDM gives back authentication failed and makes you log in again. OK, I try it with my new password, and it works. Happy days.
Then I go try and log in on my W2K box. No go. Try my old password, and it goes in. Fuckers! As it turns out, when requesting the password change from morgase, I have to have pam_smbpass in use on morgase as well, set up in /etc/pam.d/system-auth. BTW, though RH9 does ship with pam_smbpass, authconfig doesn’t appear to have any ability to use it. So I’ve changed /etc/pam.d/system-auth outside of authconfig, and if I ever run authconfig again I’m going to be in extreme pain.
When I decided that morgase needed to use pam_smbpass, I also decided that morgase needed to join the domain. I don’t know why, really. More of a hunch. So I went about that pain again. I tried some instructions I found in Samba docs, but that required me to log in as administrator. I seem to recall this not working so well. I finally figure out to smbpasswd -a -m morgase\$ on verin, then try to join from morgase; failure. After a long time, I remember that the LDAP administrator account is one of the few that needs an LDAP password set on it, for Samba to bind to LDAP. Fuck with ldappasswd (don’t forget -x, -D, and -W, and maybe -h) and finally get that set. Then use smbpasswd to set administrator’s SMB password. Then do smbpasswd -j PAD and… it works. I don’t even think I ended up using administrator’s sodding password. Fuckers.
Now I can’t run passwd on morgase, though. Checking why…
Oh argh. pam_smbpass appears to only operate locally. As does pam_smb_passwd. Not confirmed, of course, but from reading a bit of docs and a bit of source, this is how it looks. Additionally, I can’t get smbpasswd -r verin to work for the life of me, and nothing helpful in Samba logs without upping my debug level.
Going to see X-Men 2 now, though. Have to check it out later tonight. ARGH. Single sign on is in a disgusting state.