Mike's Realm chown -R us ./base

26 May 2016

PowerBroker Identity Services (PBIS): Restrict Login by Security Groups

PowerBroker changed how this is done from previous versions (when it was called LikeWise); you now configure this via the PBIS config command:

sudo /opt/pbis/bin/config RequireMembershipOf DOMAIN\\domain^admins DOMAIN\\server^admins

Some things to note:

  • If you require multiple groups simply put a space between each group
  • This command overwrites the previously set value each time it is run, so take care that you re-enter any groups previously set that you want to retain when adding another group
  • Remember to escape the backslash between the domain & group name with another backslash (double backslash)
  • Replace spaces with ^ (as shown above)
  • Obviously replace DOMAIN with your domain
  • If it still doesn't work, try dropping case on the group names
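
Because each run replaces the whole list, adding one group means re-sending every group you want to keep. As an added example (not from the original post; the function names and the CORP sample groups are made up here), this script merges the current groups with new ones and prints the full command for review instead of running it:

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Format one AD group as the notes above describe: spaces become ^ and a
# single backslash separates domain and group (that is what the config tool
# receives after the shell has processed DOMAIN\\group).
pbis_group() {  # usage: pbis_group DOMAIN "group name"
    printf '%s\\%s\n' "$1" "$(printf '%s' "$2" | tr ' ' '^')"
}

# Union of the groups already set and the ones being added, one per line.
# Case-insensitive, first spelling wins, blank lines dropped.
merge_groups() {  # usage: merge_groups "$current" "$new"
    printf '%s\n%s\n' "$1" "$2" | awk 'NF && !seen[tolower($0)]++'
}

# Read groups on stdin and print the complete command. Each group is
# single-quoted so the backslash and ^ reach the tool unchanged.
build_config_cmd() {
    printf 'sudo /opt/pbis/bin/config RequireMembershipOf'
    while IFS= read -r g; do
        printf " '%s'" "$g"
    done
    printf '\n'
}

# Constructed sample values. In practice, copy the current list from
# "/opt/pbis/bin/config --show RequireMembershipOf" before changing it.
current='CORP\domain^admins
CORP\server^admins'
new=$(pbis_group CORP 'linux admins')

# Prints the command for review; nothing is executed against PBIS here.
merge_groups "$current" "$new" | build_config_cmd
```

Single-quoting each group passes the same argument to the tool as the unquoted double-backslash form shown in the post.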

 

25 Mar 2011

P2V: VolGroup00 not found – Linux LVM

So you P2V'd a Linux box (CentOS, RedHat, Oracle, etc.) that is using LVM and now when it boots you get:

Reading all physical volumes. This may take awhile...
Volume group "VolGroup00" not found
Unable to access resume device (/dev/VolGroup00/LogVol01)
mount: could not find filesystem '/dev/root'
setuproot: moving /dev failed: No such file or directory
setuproot: error mounting /proc: No such file or directory
setuproot: error mounting /sys: No such file or directory
switchroot: mount failed: No such file or directory
Kernel panic - not syncing: Attempted to kill init!

Well that sucks--basically initrd didn't have the right drivers to access the file system.

Reboot the VM with the Linux distro ISO attached

When it boots from the CD, follow the instructions to enter Linux Rescue (usually you type "linux rescue" at the boot prompt).

Now we can rebuild initrd with the missing drivers.

Enter:

 

Type:

Now hit Tab and it will autocomplete; then add the text that was autocompleted when you hit Tab, except for the .img

So your command should look like:

Hit Enter and it will do its thing with a lot of output coming out. When it's done, type exit and exit again and the VM will reboot automatically. It should boot up just fine this time.

12 Feb 2011

LikeWise Open: Adding Domain Group to Sudoers File

So now that you're cranking using LikeWise, you want to use it for all your admins and you need to give them access to sudo all.

Run visudo as normal:

sudo visudo

Then add a line at the bottom like so (remember to press I to switch to edit mode so you can add this):

%DOMAIN\\linux^admins ALL=(ALL) ALL

When you're done, hit Escape then type:

:wq

This will write the file out and exit visudo

Some things to note:

  • The % MUST be the first character on the line
  • Escape the backslash between the domain & group name with another backslash (double backslash)
  • Use ^ in place of spaces
  • Obviously replace DOMAIN with your domain
  • If you have problems try dropping case on the group name
11 Feb 2011

LikeWise Open: Change Default Shell

LikeWise by default will have users on /bin/sh since not all systems have bash--correct that and make your users happy:

sudo /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory]' LoginShellTemplate /bin/bash
sudo /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\Local]' LoginShellTemplate /bin/bash

Then simply refresh Local Security Service:

sudo /opt/likewise/bin/lwsm refresh lsass

Now you also need to clear LikeWise's Active Directory Cache if users have already logged in and you want it to take effect immediately (if this is done during setup you can skip this step):

sudo /opt/likewise/bin/lw-ad-cache --delete-all

Enjoy

10 Feb 2011

LikeWise Open: Restrict Login by Groups

So once you get LikeWise set up, one of the first things that comes up is how to restrict access to prevent just anyone from being able to log in. You can leverage Active Directory groups via LikeWise to require a user to have membership of one of the group(s) you define.

LikeWise changed how this is done from previous versions; now you need to edit the LW registry like so:

sudo /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\]' RequireMembershipOf "domain\\domain^admins" "domain\\unix^admins"

Yes you need the double slash--this escapes the slash properly.  Also if it isn't obvious replace domain with your domain name.  You can specify as many groups as you want, just encase in quotes and leave a space as shown above.  Now you simply refresh the Local Security Service like so:

sudo /opt/likewise/bin/lwsm refresh lsass

And you're done, easy-peasy with LikeWise

Some things to note:

  • Remember to escape the backslash between the domain & group name with another backslash (double backslash)
  • Use ^ in place of spaces
  • Obviously replace DOMAIN with your domain
  • If you have problems try dropping case on the group names
24 Aug 2010

Linux P2V Issues

Took me awhile to get what should have been a simple Linux P2V done at work!

This stuff wasn't clearly stated anywhere--I couldn't find anyone with similar issues, so I'm posting this up hoping to help someone else out in the future.  Working with VMware, they pointed out the lack of support for dvSwitches after passing through a few levels of support there.

Error: Unable to connect to the Converter helper server on the target virtual machine

Cause: VMware does not support the usage of dvSwitches for Linux Conversions!  Make sure the network you select isn't a dvSwitch

Error: Unable to obtain the IP address of the target virtual machine running the Converter helper server.

Cause: Related to the above error, relying on DHCP while using a network that is a dvSwitch for a conversion will get you the above error.

FAILED: MethodFault.summary

The last task before removal will be something like: Connecting the Converter helper ISO image to the target virtual machine.

Cause: ESX(i) 4.1 is not supported at this time by VMware Converter--this was with version 4.0.1--the latest version at the time this post was made.

Leave a comment if these notes helped you out or if you have any other uncommon errors you ran into.
