tarballed
November 6th, 2003, 14:51
Hey everyone.

I've run into a snag with setting up my PDC on FreeBSD.
Here is the problem:

In order to be able to use LDAP for authentication (when setup with samba as a PDC) you need support for a nsswitch.conf file.
The problem is that FreeBSD 4.x does not support this. However, 5.1 does support it (as well as ACL's).

The problem is that I would very much prefer to use nsswitch in my setup so I can put all my users into the LDAP tree and use LDAP as the authenticating mechanism. But this can't be done with 4.9 at this time. I've read/heard that the 5.0 release should support this feature. I'm still looking into this to verify.

The other option is to use 5.1 on the server. But, is this a wise decision? It will be our main production server holding very important data. The last thing I need is for this thing to have problems.

So I'm in a quandary here. Do I just suck it up and use 4.9 or do I use 5.1 and hold my breath?

The last option I have is to use Mandrake as the PDC. I'd prefer to stick strictly with *BSD on my network, but if I can't use a stable platform, I may be forced to use Linux.

Anyone care to share the thoughts and opinions?

Tarballed

Kernel_Killer
November 6th, 2003, 20:39
In the situation you are dealing with, I would go for 5.x. Not only will it support NSSwitch, you also have options like ACLs, Hard Drive encryption, and MAC. All great things to have at your fingertips for later use.

tarballed
November 6th, 2003, 20:48
I thought about using it and even tried installing.

Problem is when I boot to the CD-ROM, it starts booting then freaks out and starts rebooting.

I tried to disable ACPI because it was complaining about that before. Did the same thing, but this time gave an error saying the filesystem was full.

Very interesting: Can't install 4.9 or 5.1

Help!


Tarballed

bmw
November 6th, 2003, 21:46
In order to be able to use LDAP for authentication (when setup with samba as a PDC) you need support for a nsswitch.conf file.
Hmmm, can't you use PAM? There's a working pam_ldap module in there, and I know that there are people using it. It's common practice to authenticate FreeBSD logins against LDAP. (I'm asking because I'm not very familiar with using Samba as a PDC yet, so there's quite possibly some critical point I'm missing.)

The other option is to use 5.1 on the server. But, is this a wise decision? It will be our main production server holding very important data. The last thing I need is for this thing to have problems.
Well, I can tell you that as a pretty seasoned and paranoid admin, I wouldn't touch 5.1 with a 10 foot pole. In fact, I wouldn't consider the 5.x line for any server use until it reaches 5.3. Point-3 releases are usually pretty safe. FreeBSD 4.8 or 4.9 are stable, solid, reliable and proven. That's what you want for the server room. Think military grade. They don't use bleeding-edge components. Think no surprises, think job security ... :-)

I'd prefer to stick strictly with *BSD on my network, but if I can't use a stable platform, I may be forced to use Linux.
My condolences ... :-)

bmw
November 6th, 2003, 21:53
when I boot to the CD-ROM, it starts booting then freaks out and starts rebooting.

I tried to disable ACPI because it was complaining about that before. Did the same thing, but this time gave an error saying the filesystem was full.
What kind of machine is it? As a rule of thumb, on any unknown machine, if it causes problems booting I do two things right away:

- disable any and all power-control technologies (eg ACPI, anything Green)
- disable USB totally

The "filesystem full" bit puzzles me. That pretty-well can't happen until you are well into the install process because you will direct it to install FreeBSD partitions and format the disk. Did you get into the install menu at all? If so, did you remove any existing partitions, repartition the whole drive for FreeBSD and then create filesystems in there? If you skip either step, or do them incorrectly, you may not have enough space to do the install.

molotov
November 6th, 2003, 22:23
I agree with bmw: for production servers, the devs know more than you. If it was stable, it would be tagged -STABLE. Then give the devs about 3 months to be wrong, and then it might be safe =)

tarballed
November 6th, 2003, 22:27
Looks like bmw is correct. The server's SCSI card is a bit new for 4.9.

What's odd though is that if I boot off the 4.9 CD, and hit the space bar when it says hit enter to boot the kernel, I get dropped to the single mode command line.

If I type lsdev, it lists the actual drive though. It even shows the old partitions that were on it. That really puzzles me because it says during install, it can't find the drives...

Perplexing is what it is...

Not sure what I'm going to do now... :(

Tarballed

bmw
November 6th, 2003, 22:35
If I type lsdev, it lists the actual drive though. It even shows the old partitions that were on it. That really puzzles me because it says during install, it can't find the drives...
It's probably showing you the single drive, not the RAID array. That's not a "safe" mode.

Can you beg/borrow/steal an older SCSI RAID card? Eg Adaptec?

bmw
November 6th, 2003, 22:51
[quote="tarballed"]In order to be able to use LDAP for authentication (when setup with samba as a PDC) you need support for a nsswitch.conf file.
Hmmm, can't you use PAM? There's a working pam_ldap module in there, and I know that there are people using it. It's common practice to authenticate FreeBSD logins against LDAP. (I'm asking because I'm not very familiar with using Samba as a PDC yet, so there's quite possibly some critical point I'm missing.)[/quote]
Ok, I googled and now I see that nsswitch is used to get at more of the login record than PAM gives you. I can understand that requirement because I've grumbled at PAM for much the same reason.

Cool! Something else to look forward to in 5.3. :-)

tarballed
November 7th, 2003, 13:51
Ok, I googled and now I see that nsswitch is used to get at more of the login record than PAM gives you. I can understand that requirement because I've grumbled at PAM for much the same reason.

Cool! Something else to look forward to in 5.3. :-)

Yes. nsswitch really does add another dimension to using LDAP. That is why I was very disappointed when I found out 4.x does not support it. :(

In the meantime, I have time to 'play around' with the servers for a bit, to test and check it out.

With that in mind, where can I go to find a list of what is being developed for the upcoming releases of FreeBSD?

I'd like to see what release will have all these nice features. You think 5.3?

Tarballed

elmore
November 7th, 2003, 16:00
Doesn't NetBSD support nsswitch? man page nsswitch.conf(5) (http://netbsd.gw.com/cgi-bin/man-cgi?nsswitch.conf)
Isn't that what you're looking for? I mention NetBSD because I know the FreeBSD 4.x branch doesn't support it and I know you want to stay away from the 5.x branch until -STABLE. I don't know that OpenBSD supports it, and I think that your computer is dual processor anyway, so it is a moot point anyway.

As for your SCSI card, did you look in the LINT file to see if the kernel has support that could be compiled in? Is there a klm you can load? You're also letting your SCSI controller manage the RAID container vs. using something like vinum, right? You've verified that your container is set up correctly?

tarballed
November 7th, 2003, 17:20
Doesn't NetBSD support nsswitch? man page nsswitch.conf(5)
Isn't that what you're looking for? I mention NetBSD because I know the FreeBSD 4.x branch doesn't support it and I know you want to stay away from the 5.x branch until -STABLE. I don't know that OpenBSD supports it, and I think that your computer is dual processor anyway, so it is a moot point anyway.

As for your SCSI card, did you look in the LINT file to see if the kernel has support that could be compiled in? Is there a klm you can load? You're also letting your SCSI controller manage the RAID container vs. using something like vinum, right? You've verified that your container is set up correctly?

Hey Elmore....I did think about trying NetBSD actually. I tried installing 1.6.1 and it was getting errors when trying to boot off the CD.

As for the SCSI card, I updated the BIOS on it today. There is also a CD that you boot off to set up the initial RAID configurations. Thus, when you install, it looks like one big disk. It's the suggested method by IBM. I verified by calling and asking.

LINT file... I'm blanking here... I'm dead tired right now and I'm not thinking real well to be honest...

At this point, I have the option to play and test for a bit before I make a decision. I have convinced the 'suits' to at least steer clear of Linux and they actually agree. :)

Tarballed

elmore
November 7th, 2003, 18:35
The lint file is still in the 4.x branch, I believe, and it contains all possible kernel values. I'd be real surprised if IBM doesn't have a compatible SCSI/RAID controller. It's located in /usr/src/sys/i386/conf, I believe.

Most boxes that I've run RAID on I've had to compile custom kernels for, though it's been a little while. I'd also be fairly surprised if there wasn't a klm available for your RAID controller. What type of controller did you say it was again?

tarballed
November 7th, 2003, 18:42
Here it is:

dmesg

[code]
SvrWks CSB5: IDE controller at PCI slot 00:0f.1
SvrWks CSB5: chipset revision 147
SvrWks CSB5: not 100% native mode: will probe irqs later
SvrWks CSB5: simplex device: DMA forced
ide0: BM-DMA at 0x0700-0x0707, BIOS settings: hda:DMA, hdb:DMA
SvrWks CSB5: simplex device: DMA forced
ide1: BM-DMA at 0x0708-0x070f, BIOS settings: hdc:DMA, hdd:DMA

SCSI subsystem driver Revision: 1.00
Warning: Adapter 0 Firmware Compatible Version is MR600, but should be SA510
Warning: Adapter 0 BIOS Compatible Version is MR600, but should be SA510
Warning ! ! ! ServeRAID Version Mismatch
scsi0 : IBM PCI ServeRAID 5.10.21
Vendor: IBM Model: SERVERAID Rev: 1.00
Type: Direct-Access ANSI SCSI revision: 02
Vendor: IBM Model: SERVERAID Rev: 1.00
Type: Processor ANSI SCSI revision: 02
Vendor: IBM Model: 32P0032a S320 1 Rev: 1
Type: Processor ANSI SCSI revision: 02
Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
SCSI device sda: 142192640 512-byte hdwr sectors (72803 MB)
[/code]

Should be the ips SCSI host adaptor.

Tarballed

elmore
November 7th, 2003, 18:51
Looks to me like your RAID container might not be setup correctly.
My servers that run RAID atm have mismatch messages similar to what you're seeing but they still work just fine.

tarballed
November 7th, 2003, 19:21
Looks to me like your RAID container might not be setup correctly.
My servers that run RAID atm have mismatch messages similar to what you're seeing but they still work just fine

Hmm. I'll double check here.
Any idea what could be wrong?

The initial configuration is just a matter of grouping the drives into an array and then formatting them. Pretty simple GUI interface.

I'll check again. Anything I should look for in particular?

bmw
November 7th, 2003, 21:01
Doesn't NetBSD support nsswitch? man page nsswitch.conf(5) (http://netbsd.gw.com/cgi-bin/man-cgi?nsswitch.conf)
Elmore, looks like while NetBSD does support nsswitch, it doesn't support the loadable modules that the new FreeBSD port does, and therefore does not support LDAP.

I think that the answer (for LDAP) may be to use one of the LDAP-to-NIS bridges that I hear chat about. Further googling necessary.

It looks to me that it also wouldn't be too hard to call ldapsearch every 5 minutes and write the results to an NIS map file then do yppush. You would then use the normal FreeBSD NIS/YP support for logins.

<boomingvoice> This sounds like a job for AWK-and-SED-MAN! </boomingvoice>

:-)
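
The ldapsearch-to-NIS-map idea in the post above hinges on the conversion step, sketched here as an added example that is not part of the thread. Because NIS clients accept whatever the map contains, the filter refuses entries that could supply a low uidNumber or smuggle extra passwd fields, and it never copies password hashes out of LDAP. The names `ldif_to_passwd`, `sample_ldif`, the `MIN_UID` floor and the example.org entries are assumptions.

```shell
# Added example (not from the thread): `ldapsearch -LLL` LDIF on stdin ->
# 7-field passwd(5) lines. Password field is always "*"; hashes stay in LDAP.
MIN_UID=${MIN_UID:-1000}   # assumed site policy: lowest uidNumber LDAP may supply
ldif_to_passwd() {
    awk -v min_uid="$MIN_UID" '
    function reject(why) { print "skip " a["dn"] ": " why | "cat 1>&2" }
    function flush(    k) {
        if (n == 0) return
        if (a["uid"] !~ /^[a-z_][a-z0-9._-]*$/)       reject("bad uid")
        else if (a["uidNumber"] !~ /^[0-9]+$/ || a["uidNumber"] + 0 < min_uid + 0)
            reject("uidNumber below " min_uid)
        else if (a["gidNumber"] !~ /^[0-9]+$/)        reject("bad gidNumber")
        else if (a["homeDirectory"] !~ /^\/[^:]*$/ || a["loginShell"] !~ /^\/[^:]*$/)
            reject("bad homeDirectory or loginShell")
        else {
            gsub(/:/, " ", a["gecos"])   # a colon would shift every later field
            print a["uid"] ":*:" a["uidNumber"] ":" a["gidNumber"] ":" a["gecos"] ":" a["homeDirectory"] ":" a["loginShell"]
        }
        for (k in a) delete a[k]; n = 0
    }
    function take(line,    i, k, v) {
        if (line == "") { flush(); return }          # blank line ends an entry
        i = index(line, ":"); if (i < 2) return
        k = substr(line, 1, i - 1); n++
        if (substr(line, i + 1, 1) == ":") return    # base64 value: left unset
        v = substr(line, i + 1); sub(/^ +/, "", v)
        if (!(k in a)) a[k] = v                      # first value wins
    }
    substr($0, 1, 1) == " " { prev = prev substr($0, 2); next }   # folded line
    { take(prev); prev = $0 }
    END { take(prev); flush() }'
}
sample_ldif() {   # constructed input, not real directory data
cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
uidNumber: 1001
gidNumber: 1001
gecos: Alice Example
homeDirectory: /home/al
 ice
loginShell: /bin/sh
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=opsacct,ou=People,dc=example,dc=org
uid: opsacct
uidNumber: 0
EOF
}
```

Run it as `sample_ldif | ldif_to_passwd`; accepted entries go to stdout for the map source, and each skipped entry is reported on stderr with its DN and the reason.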