Posts Tagged ‘centos’

After a yum update and, later on, a reboot, I broke my Trixbox 2.8 / Nagios server: it wasn’t dialing out anymore using the FXO card attached to the server. The server dials out thanks to Asterisk performing a text2speech function, which eventually results in a call to me through one of my company’s POTS lines. After some research and log searching I identified the following errors:

Loading DAHDI hardware modules:
FATAL: Module dahdi not found.
wct4xxp:  FATAL: Module wct4xxp not found.       [FAILED]
wcte12xp:  FATAL: Module wcte12xp not found.     [FAILED]
wct1xxp:  FATAL: Module wct1xxp not found.       [FAILED]
wcte11xp:  FATAL: Module wcte11xp not found.     [FAILED]
wctdm24xxp:  FATAL: Module wctdm24xxp not found. [FAILED]
wcfxo:  FATAL: Module wcfxo not found.           [FAILED]
wctdm:  FATAL: Module wctdm not found.           [FAILED]
wcb4xxp:  FATAL: Module wcb4xxp not found.       [FAILED]
wctc4xxp:  FATAL: Module wctc4xxp not found.     [FAILED]
xpp_usb:  FATAL: Module xpp_usb not found.       [FAILED]
Error: missing /dev/dahdi!

The error could be duplicated by trying to start the dahdi service (# service dahdi start) or by simply restarting the server and watching it boot up.

Researching the forums showed that Trixbox 2.8 now uses dahdi modules instead of zap modules, but I had the dahdi modules and packages installed. That led me to check which kernel I was actually running: it seemed I was actually running a XEN kernel, 2.6.18-164.11.1.el5xen to be exact. A-ha!

I am unsure why I had installed XEN kernels but it must have been a mistake and 2.6.18-164.11.1.el5xen was set up as my default kernel boot option. I uninstalled kernels, rebooted, ran setup-pstn and it’s all back to normal!

[root@hostname][~]# cat /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/sda2
#          initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
#hiddenmenu
title CentOS (2.6.18-164.11.1.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-164.11.1.el5 ro root=LABEL=/
        initrd /initrd-2.6.18-164.11.1.el5.img
title trixbox-base (2.6.18-128.1.10.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-128.1.10.el5 ro root=LABEL=/
        initrd /initrd-2.6.18-128.1.10.el5.img
[root@hostname][~]# dahdi_cfg -vv
DAHDI Tools Version - 2.2.1
DAHDI Version: 2.2.1
Echo Canceller(s): MG2
Configuration
======================
Channel map:
Channel 01: FXS Kewlstart (Default) (Echo Canceler: mg2) (Slaves: 01)
1 channels to configure.
Setting echocan for channel 1 to mg2
[root@hostname][~]# /etc/init.d/dahdi restart
Unloading DAHDI hardware modules: ERROR: Module dahdi_echocan_mg2 is in use
ERROR: Module wcfxo is in use
ERROR: Module dahdi is in use by dahdi_echocan_mg2,wcfxo
error
Loading DAHDI hardware modules:
  wct4xxp:                                                 [  OK  ]
  wcte12xp:                                                [  OK  ]
  wct1xxp:                                                 [  OK  ]
  wcte11xp:                                                [  OK  ]
  wctdm24xxp:                                              [  OK  ]
  wcfxo:                                                   [  OK  ]
  wctdm:                                                   [  OK  ]
  wcb4xxp:                                                 [  OK  ]
  wctc4xxp:                                                [  OK  ]
  xpp_usb:                                                 [  OK  ]
Running dahdi_cfg:                                         [  OK  ]

  • Install the required packages:

yum install samba krb5-workstation krb5-libs pam_krb5 samba-common ntp

  • Edit /etc/krb5.conf (replace the entries shown in <> with your own values; do not keep the <> symbols!):

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
  
[libdefaults]
 default_realm = <DOMAIN.LOCAL>
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes
  
[realms]
 <DOMAIN.LOCAL> = {
 kdc = <domain-controller.domain.local>
 admin_server = <domain-controller.domain.local>

 default_domain = <DOMAIN.LOCAL>
 }
  
[domain_realm]
 .<domain.local> = <DOMAIN.LOCAL>
 <domain.local> = <DOMAIN.LOCAL>
  
[appdefaults]
 pam = {
 debug = false
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false
 }

  • Edit the [global] section of /etc/samba/smb.conf (again, replace the entries shown in <> and do not keep the <> symbols):

[global]
  
 workgroup = <DOMAIN>
 netbios name = <COMPUTER-HOST-NAME>
 server string = <Computer Description>
 security = ads
 realm = <DOMAIN.LOCAL>
 encrypt passwords = yes
 smb passwd file = /etc/samba/smbpasswd
 allow trusted domains = yes
 unix password sync = Yes
 passwd program = /usr/bin/passwd %u
 passwd chat = *New*password* %n\n *Retype*new*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
 pam password change = yes
 obey pam restrictions = yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 dns proxy = no
 idmap uid = 16777216-33554431
 idmap gid = 16777216-33554431
 winbind use default domain = yes
 # winbind separator = #
 winbind enum users = yes
 winbind enum groups = yes
 template shell = /bin/bash
 template homedir = /home/%U
 load printers = no
 printing = none
 printcap name = /dev/null
 disable spoolss = yes

Note: I don’t like to use the winbind separator feature because I like my domain accounts to authenticate without having to use something like DOMAIN\username or DOMAIN+username to log in to the Linux shell. This is up to you. Same with the HOMEDIR location: I like the users to remain within the /home directory rather than /home/DOMAIN/.

  • Edit /etc/nsswitch.conf:

passwd:     files winbind
shadow:     files winbind
group:      files winbind
hosts:      files dns

  • Edit /etc/pam.d/system-auth:

auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
  
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
  
# Use option below if you want to restrict all users but
# those that belong to the ‘unix’ group in AD
# account requisite pam_succeed_if.so user ingroup unix
  
password requisite pam_cracklib.so retry=3
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
  
session required pam_limits.so
session required pam_unix.so
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0027
session optional pam_krb5.so

  • Once these files are added, you need to turn on winbind manually for the test: 

 /etc/init.d/winbind restart ; /etc/init.d/smb restart

  • Ensure winbind and Samba are running in the proper run levels:

chkconfig --level 345 winbind on ; chkconfig --level 345 smb on

  • You will now want to try to add the computer to the domain. You will need an account with domain admin privileges to do this:

net ads join -U <administrator>@<DOMAIN.LOCAL>

This will join the computer to the domain, and will prompt you for the administrator password. It should work successfully. If not, look at log files, conf files, and ensure they match this guide!

To see if you are able to see groups, just type in:

wbinfo -g

  • Other commands to try:

getent passwd (password list, should retrieve domain users as well)
getent group (group list, should retrieve domain groups as well)
wbinfo -g (lists groups from domain)
wbinfo -u (lists users from domain)
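
A pre-join sanity check for the files edited in the steps above, as an added example that is not part of the original post: it flags leftover <placeholder> values, a realm that differs between krb5.conf and smb.conf, and missing winbind entries in nsswitch.conf, and it warns when pam_unix is configured with nullok. The function names and the four-path calling convention are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Run against the edited files
# (or copies of them) before "net ads join".

# Lines that still carry a <placeholder> copied from the guide.
leftover_placeholders() {  # $1=file
    grep -nE '<[A-Za-z][^<>]*>' "$1"
}

# First value of "key = value" in a krb5.conf / smb.conf style file.
conf_value() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 | sed 's/[[:space:]]*$//'
}

# True when the nsswitch database lists winbind as a source.
nss_has_winbind() {  # $1=nsswitch.conf $2=database
    grep -Eq "^$2:.*[[:space:]]winbind([[:space:]]|\$)" "$1"
}

check_join_config() {  # $1=krb5.conf $2=smb.conf $3=nsswitch.conf $4=system-auth
    rc=0
    for f in "$1" "$2"; do
        if leftover_placeholders "$f" >/dev/null; then
            echo "FAIL: $f still contains <placeholder> values"; rc=1
        fi
    done
    # The guide sets the same upper-case realm in both files.
    krb_realm=$(conf_value "$1" default_realm)
    smb_realm=$(conf_value "$2" realm)
    if [ -z "$krb_realm" ] || [ "$krb_realm" != "$smb_realm" ]; then
        echo "FAIL: realm differs: krb5='$krb_realm' smb='$smb_realm'"; rc=1
    fi
    if [ "$(conf_value "$2" security)" != "ads" ]; then
        echo "FAIL: smb.conf security is not ads"; rc=1
    fi
    for db in passwd group; do
        nss_has_winbind "$3" "$db" ||
            { echo "FAIL: nsswitch $db lacks winbind"; rc=1; }
    done
    # Does not block the join: nullok makes pam_unix accept empty passwords.
    if grep -Eq '^auth.*pam_unix\.so.*nullok' "$4"; then
        echo "WARN: pam_unix nullok accepts accounts with an empty password"
    fi
    return "$rc"
}

# Usage: sh check.sh krb5.conf smb.conf nsswitch.conf system-auth
if [ "$#" -eq 4 ]; then check_join_config "$@"; fi
```

A non-zero exit status means at least one FAIL line was printed; the nullok warning alone does not change the exit status.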