Wednesday, June 25, 2014

Adding RHEL6/CentOS6 to Active Directory

Using Linux as a client against AD for user identification has improved a lot lately.
As of RHEL 6.5, Ubuntu 14.04 and Debian 8, it's very easy to set up without using LDAP directly.

This has been tested on CentOS 6.5 and Windows 2012 R2.

Windows 2012 R2 setup:

On the AD controller, you need to install Identity Management for UNIX in Server Manager.
You can find the documentation from MS here
Then you can set up the uid, gid and user's shell from the AD user management tool.

RHEL6 setup:

Enable EPEL first, and install the adcli package. It will pull in all the required files.
Then run adcli join your.ad.domain
If you get an error about reverse DNS, you can set rdns = false in /etc/krb5.conf
While in there, also change the default_realm to your.ad.domain
Now the RHEL machine should be a member of your domain, and you should be able to see it in the useradmin tool on Windows.

Next, install SSSD with yum and create /etc/sssd/sssd.conf with your favorite editor (read: vim).
Note that logging (debug_level) is set pretty high, so you should probably lower it later when things are working fine. Also, short names are enabled, so that you can use username instead of username@your.ad.domain.
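
A minimal /etc/sssd/sssd.conf matching the description above, as an added example that is not the author's original file. It assumes the domain is your.ad.domain, that the machine was joined with adcli (keytab in the default /etc/krb5.keytab), and that uid, gid and shell are set in AD through Identity Management for UNIX; the debug_level value of 9 is an assumed stand-in for "pretty high".

```ini
# /etc/sssd/sssd.conf
# Must be owned by root with mode 0600, otherwise sssd refuses to start:
#   chown root:root /etc/sssd/sssd.conf && chmod 0600 /etc/sssd/sssd.conf

[sssd]
config_file_version = 2
services = nss, pam
domains = your.ad.domain
# Verbose logging for initial troubleshooting; lower it once logins work
debug_level = 9

[nss]
debug_level = 9

[pam]
debug_level = 9

[domain/your.ad.domain]
debug_level = 9

# Use the AD provider for identity, authentication, access control
# and password changes, using the host keytab created by adcli join
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad

# Read uidNumber, gidNumber and loginShell from AD
# (set via Identity Management for UNIX) instead of
# generating IDs from the Windows SID
ldap_id_mapping = False

# Short names: log in as "username" rather than
# "username@your.ad.domain"
use_fully_qualified_names = False
```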

Saturday, June 21, 2014

Enable SNMP on vmware 5.5 ESXi

Trying to start snmpd on VMware from where I get the following error:
Call "HostServiceSystem.Start" for object "serviceSystem" on ESXi "10.0.0.5" failed.

Turns out that more people are having this problem on ESXi, but there is an easy fix.
SSH into your server and run the following (public is the widely known default community string, so substitute your own value):

  • esxcli system snmp set --communities public
  • esxcli system snmp set --enable true
  • /etc/init.d/snmpd restart

Friday, June 20, 2014

Using Active Directory on 2012 R2 to authenticate AFP shares on nas4free

After setting up AD authentication on nas4free 9.2, I noticed my AFP share for Time Machine stopped working. Turns out that AFP supports AD AUTH, but it's not possible to set that up in the web UI.

But there is a workaround. Log in to nas4free with SSH and run:

cd /etc/uams
rm uams_clrtxt.so uams_dhx.so uams_dhx2.so
ln -s uams_dhx2_pam.so uams_dhx2.so
ln -s uams_dhx_pam.so uams_dhx.so
ln -s uams_pam.so uams_clrtxt.so

This was tested with Windows 2012 R2 and nas4free version 9.2.0.1.

Windows 2012 R2 external NTP settings


On Windows 2012 R2 you can use the following commands to set up NTP against the public pool provided by ntp.org.

You should keep your primary DC in sync, so it will give the right time to all the computers in the domain. To find your clock source, run: netdom query fsmo

  • Start cmd.exe as administrator
  • net stop w32time
  • w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"
  • w32tm /config /reliable:yes
  • net start w32time
Now your time should be in sync, and get replicated to all your clients.
If you have a reliable clock source, you should consider joining the NTP project.

Log out of Netflix on Samsung Smart TV


It looks like Netflix forgot to make a logout function in their smart app. After some googling I found a solution that sounded like a joke. Turns out.... it works ;)

Start Netflix, and push the following code on your remote:
UP UP DOWN DOWN LEFT RIGHT LEFT RIGHT UP UP UP UP

And voila, a hidden menu with logout options.
Konami code flashback anyone?