Installing Likewise Open on Ubuntu 14.04

In the release of Ubuntu 14.04 it would now appear that the likewise open package has been removed from the repository and there is no source package available.

However,  as mentioned at the following article http://www.tecmint.com/integrate-ubuntu-14-04-to-zentyal-pdc/ you can manually download and install the packages. I only followed the steps to download and install the likewise-open and libglade packages as I do not require the GUI package.

To manually download and install the required packages as above, invoke the following:

$ wget http://de.archive.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_6.1.0.406-0ubuntu10_amd64.deb
$ wget http://de.archive.ubuntu.com/ubuntu/pool/main/libg/libglade2/libglade2-0_2.6.4-1ubuntu3_amd64.deb
$ sudo dpkg -i likewise-open_6.1.0.406-0ubuntu10_amd64.deb
$ sudo dpkg -i libglade2-0_2.6.4-1ubuntu3_amd64.deb

However, I received the following error, when attempting to install the libglade2-0:amd64 package:

dpkg: error processing package libglade2-0:amd64 (--install): dependency problems - leaving unconfigured
Errors were encountered while processing:libglade2-0:amd64

All I was required to do was to run ‘sudo apt-get -f install‘ to install any dependencies the libglade package required and following this I was able to invoke ‘domainjoin-cli‘ from the installed likewise open package.

Advertisements

Enabling logging for Likewise agents in ESXi

In order to join ESXi hosts to the domain Likewise agents are used to join to the Active Directory domain and for user authentication requests. In order to troubleshoot Active Directory integration you will need to enable logging of the agent as by default they do not generate a log file.

This can be performed by enabling logging for the netlogond, lwoid and lsassd daemons.

1) Modify the file ‘/etc/init.d/netlogond’ file to change the line ‘PROG_ARGS=”–start-as-daemon –syslog‘ to one of the below, if you are using a scratch partition use the second option:

PROG_ARGS="--start-as-daemon --logfile /var/log/netlogond.log --loglevel debug" 

PROG_ARGS="--start-as-daemon --logfile /scratch/log/netlogond.log --loglevel debug"

2) Modify the file ‘/etc/init.d/lwoid‘ file to change the line ‘PROG_ARGS=”–start-as-daemon –syslog to one of the below, if you are using a scratch partition use the second option:

PROG_ARGS="--start-as-daemon --logfile /var/log/lwiod.log --loglevel trace" 

PROG_ARGS="--start-as-daemon --logfile /scratch/log/lwiod.log --loglevel trace"

3) Modify the file ‘/etc/init.d/lsassd‘ file to change the line ‘PROG_ARGS=”–start-as-daemon –syslog”‘ to one of the below, if you are using a scratch partition use the second option:

PROG_ARGS="--start-as-daemon --logfile /var/log/lsassd.log --loglevel trace"

PROG_ARGS="--start-as-daemon --logfile /scratch/log/lsassd.log --loglevel trace"

4) Restart each of the services to apply the changes:

/etc/init.d/netlogond restart

/etc/init.d/lwiod  restart

/etc/init.d/lsassd restart

Unable to join ESXi host to the domain – Error when handling SMB socket

I was recently joining ESXi (5.5.0, 1892794) hosts to a domain to which the task would  fail with the status ‘Errors in Active Directory operations’.  On further investigation of the Likewise agent log on the impacted ESXi host, the following was being written to the log file:

 

ERROR:[SMBSocketReaderMain() /build/mts/release/bora-1471401/likewise/esxi-esxi/src/linux/lwio/server/rdr/socket.c:660] Error when handling SMB socket

 

This issue is due to  the size of the Kerberos Ticket Granting Service (TGS) being very high. From the network capture for SMB errors in the Likewise agent logs where the ‘Security Blob Length’ and ‘Byte Count’ values are greater than the  Max Buffer Size on the domain controller to which the ESXi host is setting up a SMB session which by default is 16644 bytes or 4356 bytes if total memory is less than or equal to 512 MB on the host.

Below is an example of the above values in an SMB network capture:


Security Blob Length: 19314
Byte Count (BCC): 19371

 

In order to resolve this issue, I was required to add a DWORD value name ‘SizeReqBuf’ to the registry key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters’ where the the value data (Decimal) is greater than the values being returned from the network capture and then restart the domain controller(s).