Categories

ID #1268

How can PowerBroker be used with Bright?

an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">How can PowerBroker be used with Bright?an>

 

an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">PowerBroker allows AD authentication services an class="highlight">toan> work with Linux. It can be made an class="highlight">toan> work with Bright. The following procedure was tested with Bright 7.0 and RHEL 6 and illustrates how it can be done:an>

 

an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: underline; vertical-align: baseline;">For the head nodean>

 

  1. an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Download the Power Broker script:an>

an style="font-family: courier new,courier;">an style="font-size: 12px; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# wget -c an><a style="text-decoration: none;" href="http://download.beyondtrust.com/PBISO/8.2.2/linux.rpm.x64/pbis-open-8.2.2.2993.linux.x86_64.rpm.sh">an style="font-size: 12px; color: #1155cc; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: underline; vertical-align: baseline;">http://download.beyondtrust.com/PBISO/8.2.2/linux.rpm.x64/pbis-open-8.2.2.2993.linux.x86_64.rpm.shan>a>an>

 

    art="2">
  1. an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Run the downloaded script an class="highlight">toan> install the binaries:an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# sh pbis-open-8.2.2.2993.linux.x86_64.rpm.sh an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Creating direcan class="highlight">toan>ry pbis-open-8.2.2.2993.linux.x86_64.rpman>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Verifying archive integrity... All good.an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Uncompressing pbis-open-8.2.2.2993.linux.x86_64.rpm............an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Would you like an class="highlight">toan> install package for legacy links? (i.e.  /opt/likewise/bin/lw-find-user-by-name -> /opt/pbis/bin/find-user-by-name) (yes/no) yesan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Would you like an class="highlight">toan> install now? (yes/no) yesan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Installing packages and old packages will be removedan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">warning: /root/pbis-open-8.2.2.2993.linux.x86_64.rpm/./packages/pbis-open-upgrade-8.2.2-2993.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID c9ceecef: NOKEYan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Preparing...                ########################################### [100%]an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">   1:pbis-open-upgrade      ########################################### [100%]an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">warning: /root/pbis-open-8.2.2.2993.linux.x86_64.rpm/./packages/pbis-open-8.2.2-2993.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID c9ceecef: NOKEYan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Preparing...                ########################################### [100%]an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">   1:pbis-open              ########################################### [100%]an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Setting up SELinux Policy Modulean>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Importing registry...an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/opt/pbis/share/config/accounts.regan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/opt/pbis/share/config/dcerpcd.regan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/opt/pbis/share/config/eventlogd.regan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/opt/pbis/share/config/lsassd.regan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/opt/pbis/share/config/lwiod.regan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/opt/pbis/share/config/lwreg.regan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/opt/pbis/share/config/netlogond.regan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/opt/pbis/share/config/privileges.regan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/opt/pbis/share/config/rdr.regan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/opt/pbis/share/config/reapsysl.regan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/opt/pbis/share/config/usermonian class="highlight">toan>r.regan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">warning: /root/pbis-open-8.2.2.2993.linux.x86_64.rpm/./packages/pbis-open-gui-8.2.2-2993.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID c9ceecef: NOKEYan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Preparing...                ########################################### [100%]an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">   1:pbis-open-gui          ########################################### [100%]an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">warning: /root/pbis-open-8.2.2.2993.linux.x86_64.rpm/./packages/pbis-open-legacy-8.2.2-2993.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID c9ceecef: NOKEYan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Preparing...                ########################################### [100%]an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">   1:pbis-open-legacy       ########################################### [100%]an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Installing Packages was successfulan>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">New libraries and configurations have been installed for PAM and NSS.an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Please reboot so that all processes pick up the new versions.an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">As root, run domainjoin-gui or domainjoin-cli an class="highlight">toan> join a domain so you can log on with Active Direcan class="highlight">toan>ry credentials. Example:an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">domainjoin-cli join MYDOMAIN.COM MyJoinAccountan>

 

    art="3">
  1. an style="font-family: courier new,courier;">an style="font-size: 15px; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Add the AD server in thean>an style="font-size: 15px; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;"> /etc/hostsan>an style="font-size: 15px; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;"> list so that it can be reached, and create a forward zone for the AD domain:an>an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# cat /etc/hostsan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;"># This section of this file was auan class="highlight">toan>matically generated by cmd. Do an class="highlight">notan> edit manually!an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">10.2.181.5 win2008 win2008.bcm.local bcm.local bcman>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;"># BEGIN AUan class="highlight">TOan>GENERATED SECTION -- DO an class="highlight">NOTan> REMOVEan>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# cat /etc/resolv.conf an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;"># This section of this file was auan class="highlight">toan>matically generated by cmd. Do an class="highlight">notan> edit manually!an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;"># BEGIN AUan class="highlight">TOan>GENERATED SECTION -- DO an class="highlight">NOTan> REMOVEan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">search cm.cluster eth.cluster openstacklocal new.net bcm.localan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">nameserver 127.0.0.1an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">nameserver 10.141.255.253an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">nameserver 10.2.181.5an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">nameserver 10.2.202.202an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;"># END AUan class="highlight">TOan>GENERATED SECTION   -- DO an class="highlight">NOTan> REMOVEan>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# cat /etc/named.conf.include an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">zone “bcm.local” IN {an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">       type forward;an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">       forwarders {10.2.181.5;};an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">};an>

 

    art="4">
  1. an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Join the AD domain, so that the head node can be logged inan class="highlight">toan> with the AD credentials:an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# domainjoin-cli join BCM.LOCAL Administraan class="highlight">toan>ran>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Joining an class="highlight">toan> AD Domain:   BCM.LOCALan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">With Computer DNS Name: b70-c6.bcm.localan>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Administraan class="highlight">toan>r@BCM.LOCAL's password: an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Warning: System restart requiredan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Your system has been configured an class="highlight">toan> authenticate an class="highlight">toan> Active Direcan class="highlight">toan>ry for the first time.  It is recommended that you restart your system an class="highlight">toan> ensure that all applications recognize the newan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">settings.an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">SUCCESSan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# getent passwdan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[...]an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">BCM\administraan class="highlight">toan>r:x:1015546356:1015546369::/home/local/BCM/administraan class="highlight">toan>r:/bin/shan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">BCM\guest:x:1015546357:1015546370::/home/local/BCM/guest:/bin/shan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">BCM\krbtgt:x:1015546358:1015546369::/home/local/BCM/krbtgt:/bin/shan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">BCM\adel:x:1015546959:1015546369:adel:/home/local/BCM/adel:/bin/shan>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">mohamed@mohamed:~$ ssh -l BCM\\adel b70-c6an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[...]an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Creating DSA key for sshan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">-sh-4.1$ an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# tail /var/log/securean>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[...]an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">May 11 08:55:07 b70-c6 sshd[18667]: Accepted keyboard-interactive/pam for BCM\\adel from 10.2.184.4 port 36976 ssh2an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">May 11 08:55:07 b70-c6 sshd[18667]: pam_unix(sshd:session): session opened for user BCM\adel by (uid=0)an>

 

    art="5">
  1. an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Add the following line in an>an style="font-size: 15px; font-family: 'Courier New'; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/etc/rc.localan>an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;"> of the head nodes:an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# cat /etc/rc.local an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[...]an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">domainjoin-cli join BCM.LOCAL Administraan class="highlight">toan>r <Ch@ngeMe>an>

 

 

an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: underline; vertical-align: baseline;">For the compute nodesan>

 

  1. an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">copy the downloaded script inan class="highlight">toan> the an>an style="font-size: 15px; font-family: 'Courier New'; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">tmpan>an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;"> direcan class="highlight">toan>ry of the software image:an>

an id="docs-internal-guid-6e7078a3-947f-3d3d-29a7-a928aadb1300" style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# cp pbis-open-8.2.2.2993.linux.x86_64.rpm.sh /cm/images/default-image/tmp/an>

 

 

    art="2">
  1. an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">chroot inan class="highlight">toan> the software image and run the script an class="highlight">toan> install the binaries:an>

an style="color: #000000;">[root@b70-c6 ~]# chroot /cm/images/default-image/an>
[root@b70-c6 /]# sh /tmp/pbis-open-8.2.2.2993.linux.x86_64.rpm.sh
an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;"> an>
Creating direcan class="highlight">toan>ry pbis-open-8.2.2.2993.linux.x86_64.rpm
Verifying archive integrity... All good.an style="line-height: 1.38;"> an>
Uncompressing pbis-open-8.2.2.2993.linux.x86_64.rpm............an style="line-height: 1.38;"> an>
Would you like an class="highlight">toan> install package for legacy links? (i.e. /opt/likewise/bin/lw-find-user-by-name -> /opt/pbis/bin/find-user-by-name) (yes/no) yesan style="line-height: 1.38;"> an>
Would you like an class="highlight">toan> install now? (yes/no) yes
an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;"> an>
Installing packages and old packages will be removed
an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;"> an>
warning: /pbis-open-8.2.2.2993.linux.x86_64.rpm/./packages/pbis-open-upgrade-8.2.2-2993.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID c9ceecef: NOKEY
an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;"> an>
Preparing...            ########################################### [100%]an style="line-height: 1.38;"> an>
  1:pbis-open-upgrade  ########################################### [100%]
an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;"> an>
warning: /pbis-open-8.2.2.2993.linux.x86_64.rpm/./packages/pbis-open-8.2.2-2993.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID c9ceecef: NOKEYan style="line-height: 1.38;"> an>
Preparing...            ########################################### [100%]an style="line-height: 1.38;"> an>
  1:pbis-open          ########################################### [100%]
an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;"> an>
Setting up SELinux Policy Modulean style="font-size: small; font-family: 'courier new', courier; color: #000000;">  an>
an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;"> an>
Importing registry…
/opt/pbis/share/config/accounts.regan style="line-height: 1.38;"> an>
/opt/pbis/share/config/dcerpcd.regan style="line-height: 1.38;"> an>
/opt/pbis/share/config/eventlogd.regan style="line-height: 1.38;"> an>
/opt/pbis/share/config/lsassd.regan style="line-height: 1.38;"> an>
/opt/pbis/share/config/lwiod.regan style="line-height: 1.38;"> an>
/opt/pbis/share/config/lwreg.regan style="line-height: 1.38;"> an>
/opt/pbis/share/config/netlogond.regan style="line-height: 1.38;"> an>
/opt/pbis/share/config/privileges.regan style="line-height: 1.38;"> an>
/opt/pbis/share/config/rdr.regan style="line-height: 1.38;"> an>
/opt/pbis/share/config/reapsysl.regan style="line-height: 1.38;"> an>
/opt/pbis/share/config/usermonian class="highlight">toan>r.reg
an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;"> an>
warning: /pbis-open-8.2.2.2993.linux.x86_64.rpm/./packages/pbis-open-gui-8.2.2-2993.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID c9ceecef: NOKEYan style="line-height: 1.38;"> an>
Preparing...            ########################################### [100%]an style="line-height: 1.38;"> an>
  1:pbis-open-gui      ########################################### [100%]
an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;"> an>
warning: /pbis-open-8.2.2.2993.linux.x86_64.rpm/./packages/pbis-open-legacy-8.2.2-2993.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID c9ceecef: NOKEY
an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;"> an>
Preparing...            ########################################### [100%]an style="line-height: 1.38;"> an>
  1:pbis-open-legacy   ########################################### [100%]
an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;"> an>
an style="font-family: 'courier new', courier; font-size: small;">Installing Packages was successfulan>an style="font-size: 15px;">   an>
an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;"> an>
New libraries and configurations have been installed for PAM and NSS.an style="line-height: 1.38;"> an>
Please reboot so that all processes pick up the new versions.an style="line-height: 1.38;"> an>
[...]

 


an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;">3.a. for RHEL6-like systems, you'll need an class="highlight">toan> add the following line in /cm/images/default-image/etc/rc.local so that the compute nodes are registered with AD after each reboot:an>

an style="font-family: 'courier new', courier;">[root@b70-c6 ~]# cat /etc/rc.localan>

an style="font-family: 'courier new', courier;">[...]an>

an style="font-family: 'courier new', courier;">domainjoin-cli join BCM.LOCAL Administraan class="highlight">toan>r <password>an>


an style="color: #000000; font-family: Arial; font-size: 15px; line-height: 1.38;">3.b. for RHEL7-like systems, you'll need an class="highlight">toan> "ExecStartPost=/path/an class="highlight">toan>/post/lwsmd/startup/script" an class="highlight">toan> the "/etc/pbis/redhat/lwsmd.service" script so the cusan class="highlight">toan>m post script can do the join after the service has started.an>

 

an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: underline; vertical-align: baseline;">Troubleshootingan>

 

Issue:

an style="color: #000000; font-family: monospace, sans-serif; font-size: 13px; white-space: pre-line;">[root@b70-c6 ~]# sh pbis-open-8.2.2.2993.linux.x86_64.rpm.shan>

an style="color: #000000; font-family: monospace, sans-serif; font-size: 13px; white-space: pre-line;">Creating direcan class="highlight">toan>ry pbis-open-8.2.2.2993.linux.x86_64.rpman>

an style="color: #000000; font-family: monospace, sans-serif; font-size: 13px; white-space: pre-line;">Verifying archive integrity... All good.an>

an style="color: #000000; font-family: monospace, sans-serif; font-size: 13px; white-space: pre-line;">Uncompressing pbis-open-8.2.2.2993.linux.x86_64.rpm............an>

an style="color: #000000; font-family: monospace, sans-serif; font-size: 13px; white-space: pre-line;">ERROR: LD_LIBRARY_PATH, LIBPATH, and SHLIB_PATH must be unset or list /opt/pbis/lib as the first direcan class="highlight">toan>ry. See the "Requirements for the Agent" section of the PowerBroker Identity Services manual for more information.an>

 

Resolution:

an style="color: #000000; font-family: monospace, sans-serif; font-size: 13px; white-space: pre-line;">[root@b70-c6 ~]# unset LD_LIBRARY_PATHan>

 

an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Issue:an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# domainjoin-cli join BCM.LOCAL Administraan class="highlight">toan>ran>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Joining an class="highlight">toan> AD Domain:   BCM.LOCALan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">With Computer DNS Name: b70-c6.bcm.localan>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Administraan class="highlight">toan>r@BCM.LOCAL's password: an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Error: DNS_ERROR_BAD_PACKET [code 0x0000251e]an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">A bad packet was received from a DNS server. Potentially the requested address does an class="highlight">notan> exist.an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# domainjoin-cli join BCM.LOCAL Administraan class="highlight">toan>ran>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Joining an class="highlight">toan> AD Domain:   BCM.LOCALan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">With Computer DNS Name: b70-c6.bcm.localan>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Administraan class="highlight">toan>r@BCM.LOCAL's password: an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Error: DNS_ERROR_BAD_PACKET [code 0x0000251e]an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">A bad packet was received from a DNS server. Potentially the requested address does an class="highlight">notan> exist.an>

 

an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Resolution:an>

an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Add the DNS role an class="highlight">toan> the windows server (if it’s an class="highlight">notan> added already), add the AD as a nameserver in the base partition and make sure that the forward zone for the AD DNS is configured properly.an>

 

an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">issue:an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">[root@b70-c6 ~]# domainjoin-cli join BCM.LOCAL Administraan class="highlight">toan>ran>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Joining an class="highlight">toan> AD Domain:   BCM.LOCALan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">With Computer DNS Name: b70-c6.BCM.LOCALan>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Administraan class="highlight">toan>r@BCM.LOCAL's password: an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Warning: Unsupported loader flags setan>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">LD_LIBRARY_PATH and/or LD_PRELOAD are currently set on your system. Best practices for Unix and Linux administration strongly recommend an class="highlight">notan> an class="highlight">toan> use these environmental variables. PowerBrokeran>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Identity Services does an class="highlight">notan> support environments where either variable is set.an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">If this operation fails you should san class="highlight">toan>p all PowerBroker Identity Services daemons, clear the environmental variable, then retry the join operation.an>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">For more information, see the PowerBroker Identity Services guide online at:an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">http://www.beyondtrust.com/Technical-Support/Downloads/files/pbiso/Manuals/likewise-open-guide.html#AgentRequirementsan>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Or a local PDF file is available in:an>

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">/opt/pbis/docs/likewise-open-guide.pdf (See section 4.2 Requirements for the Agentan>

 

an style="font-size: 12px; font-family: courier new,courier; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">SUCCESSan>

 

an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: bold; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Resolution:an>

an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">Before running the an>an style="font-size: 15px; font-family: 'Courier New'; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;">domainjoin-clian>an style="font-size: 15px; font-family: Arial; color: #000000; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;"> command, unload any environment modules which export LD_LIBRARY_PATH.  This will san class="highlight">toan>p the warning.an>

Tags: -

Related entries:

You cannot comment on this entry