Archive for 2009

Unable to login to CIFS ZFS share and windows prompting for password

by on Dec.19, 2009, under OpenSolaris

I set up my share right, followed all the instructions, and set the /etc/pam.conf entry.  Couldn’t get into my share, and my password wouldn’t work.

I found that you can test your PAM mapping like so:

smbutil login -c username

But that gave me:

Keychain entry not found.

 

Ok, had to do a little searching…  found out that you can SET THE STORED PASSWORD FOR SMB!  Duh!  Why didn’t I think of that in the first place?  LOL!

All you need to do is this:

smbutil login username@server

It will ask you for a password and suddenly your login from windows will work! Nice!

Keep in mind, that is assuming your server is set up in workgroup mode, joined to your workgroup, not the domain.  I think you would just specify “username@netbiosdomain” in that case.


OpenSolaris VNC server configuration

by on Nov.14, 2009, under OpenSolaris

This is one of several, little, quick notes about OSOL config. I have done several installs now, and each time I forget some of the little things.  That’s what a Blog is for though, right?  There are lots of sites describing this online, so it’s not tough to find.  I just wanted to find it easier on my own site.

I am using OSOL 2009.06 in this, might change a bit on other versions.

1. Install the service/pkg if it is not already. I think it is though. I think I just had to enable it on 2009.06.

2. Edit the service.  There’s probably an easier way, but this is an example of how I learned one way and stuck to it.  And in OSOL, like Linux, there’s probably twenty different ways to do something.

svccfg -s xvnc-inetd

editprop

There are two lines I like to change. 1. is to add the WAIT for persistent connections.  2. Geometry, so I have a larger vnc window.  All I do is uncomment and add geometry and replace false with true.

setprop inetd_start/exec = astring: "/usr/X11/bin/Xvnc -geometry 1280x800 -inetd -query localhost -once securitytypes=none"

setprop inetd/wait = boolean: true

3. Edit /etc/X11/gdm/custom.conf and add these lines.

[security]
DisallowTCP=false
AllowRoot=true
AllowRemoteRoot=true

[xdmcp]
Enable=true

4. Last, restart the services.  First I do a “svcadm disable xvnc-inetd gdm”, which will kill your X session and take you to a prompt.  Then I login and do, “svcadm enable -s xvnc-inetd gdm”, which should start up the login window again.  You should be able to use a vnc client to access port 5900 on your server and login.
 
 
From this point, I use plink in a batch file with Ultra-VNC to automate an SSH login to my system securely. (Well, not uber-secure. I have my password saved in this file. There are better ways to handle that.)  I am curious to know if anyone else out there has better scripts for this.
 
Make sure you edit the properties for your system and you have Ultra-VNC installed. Here’s the batch file:

@echo off

rem IP of the server
set SVR=1.1.1.1

rem SSH port, update your sshd_config to match
set SSHPORT=222
set SSHUSER=username
set SSHPW=passwdnotshownhere

rem this is the port on your system, not the server
set LPORT=5992
set LIP=127.0.0.92

rem this is the port on the server, below should work by default
set RPORT=5900
set RIP=127.0.0.1

rem Path to Uvnc, maybe other vnc clients will work too
rem Just update the cmd below
set VNCPATH=C:\Program Files\UltraVNC
set VNCCMD=%VNCPATH%\vncviewer.exe

rem Have plink/pskill in your path or in the same dir as this script
rem Open the SSH tunnel in its own window: LIP:LPORT here -> RIP:RPORT on the server
start plink -ssh -P %SSHPORT% %SVR% -l %SSHUSER% -pw %SSHPW% -C -v -batch -L %LIP%:%LPORT%:%RIP%:%RPORT% -T -N

rem Wait 7 seconds for the tunnel to come up
CHOICE /N /T 7 /D Y > NUL

rem Start the viewer through the tunnel (double colon means a port number)
"%VNCCMD%" %LIP%::%LPORT%

rem Wait 2 seconds, then close the tunnel
CHOICE /N /T 2 /D Y > NUL
pskill plink.exe

In the above, I have plink and pskill in path, you may need to provide the full path if not.  Pskill is a Sysinternals tool from Microsoft.  I set a custom LPORT and LIP for each server I connect to. This way I can have several at once.  But be warned, pskill will kill all plink connections. That means it will close all your VNC connections if you close even one.  Probably a better script can be made to handle the individual connections.
 
Also note, there’s no way to accept the host key on your first plink connection. I use Putty to login once, which saves the host key.  Then plink will work using that cached key.

ZFS CIFS Network Password Is Not Correct

by on Oct.25, 2009, under OpenSolaris

Just a few quick notes on the ZFS CIFS sharing.

Check the /etc/pam.conf has the smb line:

   other    password required    pam_smb_passwd.so.1    nowarn

If not, add that to the end of the file.  If you check /var/smb/smbpasswd, you should also see a line for your account with a hashed password listed.  In my case, I had my username and an ID listed, but no hashed password.  I didn’t have the line in pam.conf.  After I added it, I had to run the passwd username command on my account, which generated the smb password and inserted it into the smbpasswd file. Then the error about password not being correct went away and I could get in from Windows.  (Windows 7 too! With the “NTLMv2 if negotiated” option in policy.)


Extend Windows 7 Activation

by on Oct.22, 2009, under Windows 7

I am testing Windows 7 Pro on my laptop and wanted to decide if I can get by with that instead of Ultimate.  Well, my time is running out and I need a couple of days to back up everything before I change it.  So…  I need to “rearm” the activation system.

Go to the start menu, and in search box type “cmd” and hit CTL-SHIFT-ENTER to open the command prompt with elevated rights.  Type this:

slmgr -rearm

 

You’ll get a popup telling you it was successful and you need to restart a few seconds later.


Help and Support unable to open error about service not running

by on Aug.13, 2009, under Windows Server, Windows XP

Go to C:\windows\pchealth\helpctr\binaries.

helpsvc.exe /regserver /svchost netsvcs /rainstall

Run that.
Now we have Help and Support available again.


OpenSolaris ZFS rpool mirror

by on Aug.08, 2009, under OpenSolaris

Notes to self:

Install your system to a PARTITION, NOT the whole drive.  I seem to remember reading somewhere that this was required.

My system had 2 disks.  rpool was setup on disk 0.  (those are ZERO’s not O’s.)

c8t0d0s0  (disk 0 with rpool)
c8t1d0s0   (disk 1 we want to mirror)

After installed and booted into new system…  (as root)

format
(choose your second disk, should be 1 and in this sys it was c8t1d0)
fdisk
(here, choose Y to select the 100% Solaris partition)
exit to save changes

Now do…

prtvtoc /dev/rdsk/c8t0d0s0 | fmthard -s - /dev/rdsk/c8t1d0s0

(notice the “rdsk”, it’s not “dsk”, and it includes the slices.  If you installed on a full drive, I don’t think you see the “s0” slices)

Then I do…
zpool attach -f rpool c8t0d0s0 c8t1d0s0

And last setup grub on the second disk…

installgrub -m /boot/grub/stage1 /boot/grub/stage2 /dev/rdsk/c8t1d0s0

All done!  Make note that you use “rdsk” on the prtvtoc command.  I kept getting “must be raw device” errors because I missed the “r” and had only /dev/dsk in the drive path.  Also, on first attempts, I somehow messed up my second drive partitions and labels and it was EFI labeled.  Nothing worked when it was EFI, and I couldn’t remove it either.  Since I did this initially in a VMware guest,  I just deleted the disk and added a new one.  But that’s important to note, do not do anything to that drive except run “format” and then use the “fdisk” command on the new drive.  It will come up and say something like you need a 100% Solaris partition, just say Y and exit that to save.  THEN… you can do the prtvtoc thing to copy the partition table to the new drive.


ZFS CIFS and ACL Inheritance

by on Jul.24, 2009, under Networking, OpenSolaris, Security

This is just another one of those things that didn’t make any sense and only partially does now. At least NOW I know there is more at play here than the simple solutions in Samba using create mask and create directory mask. In Linux, that’s how I would get around the issues of Windows directory permissions running on a Linux SMB share.

Now, I am learning to do things the OpenSolaris way. I am loving OpenSolaris and ZFS! However, coming from a Linux and Windows “way of life”, there are some differences that just aren’t clear. What kills me is, I try the RTFM thing, and somehow completely miss that one little thing that makes it all work. Off topic, but an example, coming from Linux, I would just type “su” and get root access. In OpenSolaris, that won’t work. Neither will “pfexec su”, nor “sudo su”. Then one day, after dealing with it for a week or so, I stumble upon a post where someone in an unrelated sample script typed “pfexec su - root”. There ya go! Argh!

Anyway, back on the ZFS/CIFS/ACL thing. It was driving me nuts that I couldn’t figure it out. I wanted a folder with this setup:
/pool/sharefs – owner:greg – group:domusers
greg and domusers should have full control and all folders under “sharefs” should inherit that.

So under linux/samba, that’s where I would do like “create mask = 770” or similar, and “force create group = domusers”. Something like that, can’t remember exactly. Made it simple actually. It always wrote files with the right perms and ownership and other people in that group could read/write just fine.

Problem is, you can’t get very specific about who gets what, where, and you can’t use more than one group. Well, sure enough, there’s a thing called “ACL” that handles that stuff now. It’s been around for a while now, but I never even heard of it until I started using OpenSolaris. I like how it seems to be more compatible with the way Windows handles ACL’s. What I don’t like is, it’s confusing. I get the NTFS/Share perms in Windows, been doing that a long time now. The CIFS/ZFS ACL thing kind of makes sense, and it will “click” at some point the more I use it.

After spending hours on this, I reached a point where I had to figure it out. Here’s what I did.

On the ZFS file system, create it normally for SMB access. Then I changed some properties for aclinherit and aclmode. Change those to “passthrough”:
zfs set aclinherit=passthrough pool/sharefs
zfs set aclmode=passthrough pool/sharefs

Then chmod/chown. OH! That’s another thing. You need to use /bin/chmod and /bin/ls! Not just type: chmod … That won’t work. In OpenSolaris the default path points to /usr/gnu/bin/chmod, which doesn’t have the “A” or “V” options to set/view ACL’s. That was another thing that DROVE ME CRAZY!!! I read the man pages and manuals and docs online and I didn’t catch anything that said, “Hey, there are different versions of chmod and ls here!” I can’t believe the time wasting here! Back to the point, do this to put your own default perms on:

/bin/chmod 2774 /pool/sharefs
(I actually am not positive that is needed, but I think it set group as inheritable)

/bin/chmod -R A- /pool/sharefs
(that will wipe out the current perms)

/bin/chmod -R A=owner@:full_set:fd:allow /pool/sharefs
(resets perms with only that acl)

/bin/chmod -R A+group@:full_set:fd:allow /pool/sharefs
(that appends the group perms, full control)

/bin/chmod -R A+everyone@:read_set:fd:allow /pool/sharefs
(above appends everyone read access)

In all the above that will preset INHERITABLE permissions for the subdirectories.  Notice above there is one with “A=” on it?  That will reset the perms and set only that perm.  So I guess you may not even need the previous line for “A-” to reset.  (I am just learning here ya know!)

It looks as if that makes a little sense now.  You can view the current ACL’s like so:  “/bin/ls -V /pool/sharefs”

In my case, I might want to add another user or group:

/bin/chmod -R A+user:stacy:full_set:fd:allow /pool/sharefs
/bin/chmod -R A+group:othergroup:full_set:fd:allow /pool/sharefs
/bin/chmod -R A+group:yetanothergroup:read_set:fd:allow /pool/sharefs

So with this setup I can now open the share on the server and create a file or folder with inherited permissions.  It does, however, save my username as a new owner, so keep that in mind.  But if the group stays in there with “domusers” as full read/write access, I am happy.

Well, now I get it just a little and it makes more sense compared to Windows ACL’s.  I didn’t go over any share specifics and authentication issues, this was just ACL’s!  I still have to RTFM my way around that for a while.  Next project, join OpenSolaris to a Windows domain.  (Which, BTW, does not work in NT Domain style connections, you have to use Active Directory.)


Force removal of Active Directory from a server

by on Jul.21, 2009, under Uncategorized

Not too often would you need this, but I just ran into a situation where it was handy to get AD off an existing, but inactive, domain controller.  I couldn’t get dcpromo to uninstall the services and demote the darn thing, because this server thought it was still active in the domain.  I had physically removed this server and manually cleared it from the active domain.  Why would you do this, well, that’s a long story, but I wanted to, let’s just say that.

Here’s how you demote a DC with dcpromo, forcefully.

“dcpromo /forceremoval”

I did this on a 2008 Server, worked great!  All these years and I hadn’t needed to do this, and didn’t even know it could be done.  Always something new to learn, huh!


Uninstalling VMWare tools when not running on a VMWare host

by on Jul.21, 2009, under Uncategorized

I’ve moved a few virtual machines off of both ESXi and VMWare Server recently. (was testing VMWare, which I do like.) I moved them into VirtualBox while I test OpenSolaris, which I am REALLY liking… but off topic. Anyway, once I got the vmdk hard drive files copied, I created a new machine config in VirtualBox and added the vmdk to VirtualBox. (which is very cool I must say, you can use vmdk’s or vhd’s in VirtualBox.) Once the OS booted, in both XP Pro and Win2008, the performance was terrible and had no network. I realized that the VMWare Tools were probably still installed. Should have removed them first, but whatever. Went to Control Panel and tried to uninstall, but I got some error that “No VmWare products were detected”, great! That’s nice, you can’t even uninstall after they are moved off the VMWare host services.

I added the VMWare Tools ISO to that VM and opened a command prompt. Then I found the “setup.exe” or “setup64.exe” files on the cd. Run those in the cmd window with a /c switch. (example:  “setup64.exe /c” )  This will remove the Tools.  I installed the VirtualBox additions and then rebooted.  On my Windows 2008 server it crashed on first reboot, then I tried again and it loaded up just fine.  Network works and everything! Yay!

EDIT 7/23/09 :

I noticed on one Win2k system that the VMWare uninstall didn’t fully remove the networking drivers.  When I rebooted, the system tried to install the AMD PCNet adapter again, only it said it was “VMWare  …”   What I did to fix that…  I shutdown the Guest OS, went to settings and under Networking I selected the Intel adapter instead of the AMD.  This worked, but also required that I download the driver from Intel and install it manually on the Guest OS.  Everything worked fine though, and I had Gigabit networking!

I’d still like to know how to get rid of ALL the VMWare stuff though.  Probably just need to find some INF’s for something in Windows.


How to insert CTL ALT DEL keys using Remote Desktop Connection client

by on Jul.21, 2009, under Uncategorized

When you run mstsc.exe, the Remote Desktop Connection client to connect to a virtual machine VRDP or other RDP connections, it’s not exactly clear how to enter the CTL+ALT+DEL keystroke to login. Do this:

CTL+ALT+END

:)


Logged on with a temporary profile

by on Jul.01, 2009, under Windows 7, Windows Vista

This is a pain. For some reason, unknown even to Microsoft apparently, I reboot my system only to login to a temporary profile in Windows Vista or Windows 7.   As of this writing, I am using the release candidate of Windows 7, but since I’ve seen this on Vista and even on Windows XP, I kind of suspect this has nothing to do with this being a beta product.  XP doesn’t give the same error.  I can’t remember what it says, but it basically does the same thing, it logs you in under the “Default” profile in windows, which is temporary and you lose everything once you logout.

You might see this error:

Your user profile was not loaded correctly! You have been logged on with a temporary profile.
Changes you make to this profile will be lost when you log off. Please see the event log for details or contact your administrator.

Why this happens is a mystery.  I found one article on the MS knowledge base about your account being a member of Guests or Domain Guests, but that’s not the case for my issue.  I found this article, which led me to a quick fix.  (I doubt it is a permanent fix, though.)

http://support.microsoft.com/kb/947242

The solution in that article did not fix it for me.  Also, I’ve heard you can simply log out and back on, but that doesn’t fix it for me either.  What I did was delete the subkey in the ProfileList registry key mentioned in the article above.  If you go in there, you’ll see two keys with the same SID.  One will end in “.bak”, which should be your correct key.  Look within that key for the value of ProfileImagePath.  It should show the path to your windows profile.  Mine, for example, is : “C:\Users\greg”. Now look into the newly created profile key (SID without the “.bak”), this should show ProfileImagePath of “C:\Users\Temp”.   Obviously wrong.

The fix in the article tells you to delete the key with the “SID.bak”, but that just left in the temp profile and didn’t work for me.  I went back in to the registry, deleted the one with the C:\Users\Temp in the path, and then renamed my original one (Which I had exported! Named with the “.bak” and has your correct profile path.) by simply removing the “.bak” at the end.  Log off and back on, problem solved.

I hope this helps!  Backup your registry first!!


EnV Touch dial pad goes blank and importing contacts

by on Jun.30, 2009, under Windows 7

I love my new Env Touch, since I can’t get an iPhone it’s just awesome, but there’s a couple little things I don’t like. Like the fact that the dial pad goes blank when entering my PIN in voice mail. I have the screen set to 30 seconds timeout, but it still instantly goes blank. Well, guess what I discovered? If you just hold the phone flat, the screen lights up again! LOL! That’s the trick, just hold it flat, and you can see the numbers to enter!

Also, it drove me nuts that I couldn’t get all my contacts imported somehow.  I finally took some time to do a little searching and found this awesome post:

http://www.verizon-phones.org/verizon-lg-env3-and-env-touch-outlook-sync-software-update-download.html

I have all my contacts in Google Apps, but that was just a simple export to CSV, which I took and imported into Outlook 2007 easy enough.  I am using Windows 7 RC – 64bit.  I took the modem driver and the Outlook sync tool and set them both with Windows XP sp2 compatibility, then I ran them “As Administrator” as well.  The modem driver installed, can’t remember if it said success or not though.  Then the sync tool, that installed just fine.

I took my phone and set the USB to Modem mode, then plugged it in.  Windows 7 saw it, but the LG software to run updates didn’t see it.  I don’t care, because I just want my contacts.  So I opened Outlook, at the top toolbar was a new LG button.  Open that and do your sync.  I only ran the Contacts, so I don’t know if the Calendar will work yet, but all my contacts are now in my phone.  Now, I just need to setup a sync to Google Apps, and then a sync using this tool, and I’ll be dual syncing!

Download the Outlook sync tool here:

http://www.lgmobilephones.com/images/support/resources/LG_Outlook_Sync.msi

And the modem driver (URL is shortened):

http://www.lgmobilephones.com/…LGUSBModemDriver_Eng_WHQL_Ver_4.9.4_All.exe


Custom ringtone added to EnV Touch with SD Card

by on Jun.15, 2009, under Uncategorized

It’s possible to email an mp3 as a TXT message to yourself, but that’s not going to work for me. I suppose there are others out there like myself, that do not have any data on their plan. I do have text messages, but no data, so no pictures or audio can text to my phone. (because Verizon rips you off on the data pricing!) I just don’t really need that, but it would be handy.

Anyway, down to business. I figured out how to add a ringtone to my Env Touch (LG-VX11000) using the SD Card!

Make your ringtone MP3 file, then insert the SD card into your computer. Find the “my_sounds” folder. Copy ringtones into there. Next put the SD card back into your EnV Touch. Hit the center, blue icon (with the four white dots) to open the menu. Go to “Media Center” in the menu, and then “Music and Tones”. Next go to “My Sounds”, you should see the ring tones you’ve added in there. Click on one that you want, the “Options” menu should show, and select “Set As”. Then select “Ringtone”.

There you go! You now have your custom ringtone on your EnV Touch!

(This might work for the EnV 3 too! They have very similar menus and options.)


Join Windows 7 to Samba PDC on Ubuntu Jaunty

by on May.31, 2009, under Linux, Networking, Windows 7

I found some info on Google searches to get Windows 7 to join a Samba domain controller.  I have Ubuntu 9.04 Jaunty which runs Samba 3.3.2, which I guess does not work.  You need 3.3.4.   Windows 7 needs a registry change:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

The above need to be added to allow the join to work.  Then find the key below and set those values to 0.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireSignOnSeal"=dword:00000000
"RequireStrongKey"=dword:00000000

The Netlogon values need to be updated, or Windows 7 will not allow domain logons.  You’ll get an error about credentials and no domain controller, or something like it.  Adding the second two will allow the logon.

Adding the registry keys above, plus upgrading Samba, did the trick.  I was able to join Windows 7 to Samba 3.3.4, but I did get a weird error about the DNS suffix being wrong.  I just said OK and left it.  I tried to change it several times after, too, but always get the same error.  System working fine so far though!

As for upgrading Samba, you’ll have to Google that one.  But here’s what I did, in a nutshell. (This is NOT a HOWTO, just a record of my experience, so if you follow this, it might break your system. Just be warned.  A Samba Server book might be nice for more information.)  I had a working domain controller, so I had a SAM database already with SID’s and passwords.  I didn’t want to lose those.  After backing up my server and Samba configs (including all the tdb files) I removed Samba 3.3.2 package from Ubuntu.  Then I downloaded the Samba source tar.gz for version 3.3.4, unpacked and “./configure” and then compiled. (make && make install)

At this point I found all my tdb files and copied them into the default Samba installation, which was different than the Ubuntu package.  I think the original tdb files from Ubuntu are in /var/lib/samba.  I copied all that to /usr/local/samba/var/lock. (the default when compiling from source)  I also setup a link from the original smb.conf in /etc/samba to /usr/local/samba/lib/smb.conf.

Now I’ve got my Windows 7 system logged in and joined to my Samba domain!


Ubuntu rndc.key dynamic DNS updates failing

by on May.12, 2009, under Internet, Linux, Networking

Just wanted to add a quick note about this as I couldn’t find a reason why dynamic DNS updates on my Ubuntu 9.04 system were failing. I had all the right perms, ownership, etc. I even opened up the files to full world writable and still, I got errors that the journal files could not be written to.

Log snippets:

error: journal open failed: unexpected error

jnl: create: permission denied

Learning as I go… there’s a thing in Ubuntu called AppArmor. Never even heard of this. This is what was keeping the files from being written to by the bind daemon.  I guess AppArmor has been in this for a while now, but for several years now, I have not run into a situation where I had to mess with it.

Here’s what you change.  And keep in mind, this is NOT the correct way to handle this on a production or public DNS server.  You’ll need to read up more on the correct config for this one.  But on my tiny LAN or at home, here’s what I did.  In the /etc/apparmor.d directory, edit the usr.sbin.named file.  Find the line:

/etc/bind/** r,

Change it to:

/etc/bind/** rw,

Then restart the apparmord daemon.  If your DDNS config in Bind and DHCP are correct, you should start seeing successful updates now.
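
An added check, not from the original post: Ubuntu's stock usr.sbin.named profile already gives named write access under /var/lib/bind, so the usual alternative to widening /etc/bind is to keep dynamically updated zone files there. The script below lists zones that accept updates while their file still sits in /etc/bind; the zone names and sample config are constructed, and dhcp-update-key is the key name this post uses for its DDNS key.

```shell
#!/bin/sh
# Added example (not from the original post).
# Lists zones that accept dynamic updates but keep their zone file under
# /etc/bind, which the stock AppArmor profile grants to named read-only.
# Only absolute "file" paths are checked; relative ones resolve against the
# "directory" option and are ignored here.

find_misplaced_dynamic_zones() {
    # Reads a named.conf-style file ($1, or stdin) and prints "zone file".
    awk '
    {
        line = $0
        sub(/\/\/.*/, "", line)          # strip // comments
        sub(/#.*/, "", line)             # strip # comments

        # Start of a zone statement (also works inside a view block).
        if (!inzone && match(line, /zone[ \t]+"[^"]+"/)) {
            name = substr(line, RSTART, RLENGTH)
            gsub(/^zone[ \t]+"|"$/, "", name)
            file = ""; dyn = 0; inzone = 1; zdepth = depth
        }
        if (inzone) {
            if (match(line, /file[ \t]+"[^"]+"/)) {
                file = substr(line, RSTART, RLENGTH)
                gsub(/^file[ \t]+"|"$/, "", file)
            }
            # A zone is dynamic if it has allow-update or update-policy,
            # except for the explicit allow-update { none; } form.
            if (line ~ /allow-update|update-policy/ &&
                line !~ /allow-update[ \t]*[{][ \t]*none[ \t]*;/)
                dyn = 1
        }

        # Track brace depth to find where the zone statement closes.
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (inzone && depth == zdepth && line ~ /[}]/) {
            if (dyn && file ~ /^\/etc\/bind\//) print name " " file
            inzone = 0
        }
    }' "${1:--}"
}

# Constructed sample config: one dynamic zone in /etc/bind, one dynamic
# zone already in /var/lib/bind, one static zone in /etc/bind.
sample_named_conf() {
    cat <<'EOF'
zone "home.lan" {
    type master;
    file "/etc/bind/db.home.lan";   // updated by dhcpd
    allow-update { key dhcp-update-key; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.192.168.1";
    allow-update { key dhcp-update-key; };
};
zone "static.lan" {
    type master;
    file "/etc/bind/db.static.lan";
    allow-update { none; };
};
EOF
}

# Demo run on the constructed sample; on a real server pass the file that
# holds your zone statements, e.g. /etc/bind/named.conf.local.
sample_named_conf | find_misplaced_dynamic_zones
```

Any zone it prints is one whose journal (.jnl) file named will try to create next to a zone file in the read-only tree.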

Here’s a couple of links that were helpful on the DDNS setup:

http://brunogirin.blogspot.com/2007/11/dhcp-and-dynamic-dns-on-ubuntu-server.html
http://ubuntuforums.org/showthread.php?t=274665
http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html

Also, I wanted to make a note to myself. Creating a new key for DDNS:

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST dhcp-update-key

That creates keyfiles in which you’ll get your key string, this is added in your dhcpd.conf and named.conf.* files as “secret”.   RTFM dnssec-keygen. and read up on the links above. :)



1st Byte Solutions