Blogger.com has added a comment system and some other enhancements to their service. I'll only be turning on the commenting system on a selective basis for any site news posts, but all of the posts in the Tech Blog will have comments turned on.
Right now, you'll need to be a member of Blogger.com if you want to leave a comment. (I may change that down the road once I test out to see how well Blogger.com has implemented anti-spammer measures.)
Sunday, May 30, 2004
Wednesday, May 19, 2004
Tyan Trinity KT400 S2495 Performance
Now that the new motherboard is finally bedded in, it's rather enjoyable compared to the old motherboard. On the old box, the fastest that the Promise FastTrak100 TX2 RAID1 array would every transfer data was around 5-6 MB/s, if it was feeling perky. Sometimes it would degrade down to only 2-3 MB/s. (However, I blame a lot of that on the PCI Latency issue.)
Same drives, same RAID card on the new motherboard easily handles data rates upwards of 20 MB/s, copying from point to point on the drive usually averages 10-15 MB/s. And I've seen peak rates of 30 MB/s. As a comparison, my video cap box with a 5400rpm ATA/100 drive and a 7200rpm SATA/150 drive can hit 32-36 MB/s when copying video files from one drive to the other.
So, even with all of the nuisance of getting everything installed properly, it seems to be performing up to expectations and is turning out to have been worth it.
Same drives, same RAID card on the new motherboard easily handles data rates upwards of 20 MB/s, copying from point to point on the drive usually averages 10-15 MB/s. And I've seen peak rates of 30 MB/s. As a comparison, my video cap box with a 5400rpm ATA/100 drive and a 7200rpm SATA/150 drive can hit 32-36 MB/s when copying video files from one drive to the other.
So, even with all of the nuisance of getting everything installed properly, it seems to be performing up to expectations and is turning out to have been worth it.
Saturday, May 15, 2004
Tyan Trinity KT400 S2495 (part 2)
More fun with the Tyan Trinity KT400 S2495 board. While attempting to add the Promise FastTrak TX2 PCI RAID card, everything is happy until I go and connect drives to it and define an array. After that, if the Adaptec 2930CU PCI SCSI card is also installed, the system will not boot. I have the HighPoint HPT372N IDE RAID ports disabled in the BIOS and the Silicon Image Sil3112 SATA ports enabled.
Symptom of the boot issue is that the Sil3112 BIOS splash will not appear during the boot process. System will then hang before or at the ESCD/DMI update point (right before it boots from a device).
1. (neither TX2 or 2930CU) = boots
2. TX2 only = boots
3. 2930CU only = boots
4. 2930CU + TX2 = won't boot
Once I remove either of the TX2 or the 2930CU cards, things work fine. I've stripped the 2930CU card, hooked the primary drives up to the TX2 RAID, left the scratch drive hooked to the Sil3112 SATA ports, swapped the SCSI CD-ROM / tape drive / zip drive for an IDE CD-RW and an IDE DVD-ROM/CD-RW drive.
During the install of Windows 2000, I hit F6 during the boot and install both the TX2 and the Sil3112 drivers. This will avoid the issue where the boot order of the drives changes later when I add the Sil3112 driver post-install.
(I've lost count... this is something like my 6th attempt at getting Windows 2000 up and running on this motherboard.)
Update: Everything looks fine so far, my first test copy of 2GB worth of data checked out okay with the MD5 tool (copying from the network to the TX2 RAID array as well as from the network to the Sil3112 SATA scratch drive). Got everything patched and I'm now copying live data files onto the array.
Tyan Trinity KT400 (S2495)
3x512MB PC2100 RAM
AthlonXP 1800+ CPU
Promise FastTrak TX2 PCI IDE card
2x250GB 7200rpm drives, 8MB cache (o/s)
Silicon Image Sil3112 SATA ports (built-in)
200GB SATA 7200rpm drive (scratch)
IDE CD-RW
IDE DVD-ROM/CD-RW
Symptom of the boot issue is that the Sil3112 BIOS splash will not appear during the boot process. System will then hang before or at the ESCD/DMI update point (right before it boots from a device).
1. (neither TX2 or 2930CU) = boots
2. TX2 only = boots
3. 2930CU only = boots
4. 2930CU + TX2 = won't boot
Once I remove either of the TX2 or the 2930CU cards, things work fine. I've stripped the 2930CU card, hooked the primary drives up to the TX2 RAID, left the scratch drive hooked to the Sil3112 SATA ports, swapped the SCSI CD-ROM / tape drive / zip drive for an IDE CD-RW and an IDE DVD-ROM/CD-RW drive.
During the install of Windows 2000, I hit F6 during the boot and install both the TX2 and the Sil3112 drivers. This will avoid the issue where the boot order of the drives changes later when I add the Sil3112 driver post-install.
(I've lost count... this is something like my 6th attempt at getting Windows 2000 up and running on this motherboard.)
Update: Everything looks fine so far, my first test copy of 2GB worth of data checked out okay with the MD5 tool (copying from the network to the TX2 RAID array as well as from the network to the Sil3112 SATA scratch drive). Got everything patched and I'm now copying live data files onto the array.
Tyan Trinity KT400 (S2495)
3x512MB PC2100 RAM
AthlonXP 1800+ CPU
Promise FastTrak TX2 PCI IDE card
2x250GB 7200rpm drives, 8MB cache (o/s)
Silicon Image Sil3112 SATA ports (built-in)
200GB SATA 7200rpm drive (scratch)
IDE CD-RW
IDE DVD-ROM/CD-RW
More trouble with the Tyan
So... this is definitely a taxing of my patience when installing hardware.
The latest problem is that if I copy a file from the network to the HighPoint RAID 1 array... it gets corrupted. (Using a MD5 tool to verify content.) However, if I verify the file up on the network server, it's correct. And copying it to the SATA scratch drive, it copies cleanly.
So I'm at a bit of a loss at the moment (and running MemTest86 while I ponder).
Off-hand, plan B is to make sure I have the latest and greatest BIOS installed (if I can get the BIOS to install, unlike my last attempt). I'm sure I have the latest drivers, but I'll double-check that again in the morning.
Plan C is to ditch the highpoint RAID and try the Promise IDE RAID card again.
Plan D would be to buy a 3Ware 2-port PATA RAID card.
Update: Well, I went with plan E. In a few places on the web I read 2 things.
1) HighPoint BIOS, when included on the motherboard, is generally not user-updatable. Instead, it's part of the mainboard's BIOS and thus updated when you update the motherboard's BIOS.
2) The driver version that you use should match that of the BIOS. I have a HPT372N with 2.345 of the BIOS. However, I was attempting to use 2.351 of the Windows 2000 device driver. Updating the driver to 2.345 (yes, Windows will actually say the older version is a better match) seems to have fixed the issue.
So right now, it looks like the data corruption bug is fixed. (It only affected files copied to the drive from another server, not the service packs that I installed from CD or from the web site.) Needless to say, I'll be doing some more testing with wxChecksum (MD5 utility) to verify that stuff is copying down correctly.
Update #2: The system is still corrupting files that as they are written to the HighPoint RAID array. Especially when the system is under load, copying files to both the HighPoint and the SATA drives at the same time. Copying from the network to the SATA drive works properly, but copying from the network or the SATA to the IDE RAID causes data corruption.
I'm now going to remove the HPT from the BIOS, and put the drives back on the Promise FastTrak100 TX2 IDE RAID card.
The latest problem is that if I copy a file from the network to the HighPoint RAID 1 array... it gets corrupted. (Using a MD5 tool to verify content.) However, if I verify the file up on the network server, it's correct. And copying it to the SATA scratch drive, it copies cleanly.
So I'm at a bit of a loss at the moment (and running MemTest86 while I ponder).
Off-hand, plan B is to make sure I have the latest and greatest BIOS installed (if I can get the BIOS to install, unlike my last attempt). I'm sure I have the latest drivers, but I'll double-check that again in the morning.
Plan C is to ditch the highpoint RAID and try the Promise IDE RAID card again.
Plan D would be to buy a 3Ware 2-port PATA RAID card.
Update: Well, I went with plan E. In a few places on the web I read 2 things.
1) HighPoint BIOS, when included on the motherboard, is generally not user-updatable. Instead, it's part of the mainboard's BIOS and thus updated when you update the motherboard's BIOS.
2) The driver version that you use should match that of the BIOS. I have a HPT372N with 2.345 of the BIOS. However, I was attempting to use 2.351 of the Windows 2000 device driver. Updating the driver to 2.345 (yes, Windows will actually say the older version is a better match) seems to have fixed the issue.
So right now, it looks like the data corruption bug is fixed. (It only affected files copied to the drive from another server, not the service packs that I installed from CD or from the web site.) Needless to say, I'll be doing some more testing with wxChecksum (MD5 utility) to verify that stuff is copying down correctly.
Update #2: The system is still corrupting files that as they are written to the HighPoint RAID array. Especially when the system is under load, copying files to both the HighPoint and the SATA drives at the same time. Copying from the network to the SATA drive works properly, but copying from the network or the SATA to the IDE RAID causes data corruption.
I'm now going to remove the HPT from the BIOS, and put the drives back on the Promise FastTrak100 TX2 IDE RAID card.
Thursday, May 13, 2004
Tyan KT400 Windows 2000 Boot Failure
So after installing the 2nd round of patches (first round of patches was installing SP4 using WindowsUpdate), the system fails to start:
Windows 2000 could not start because the following file is missing or corrupt:
(something)\System32\Ntoskrnl.exe
Please re-install a copy of the above file.
Possibly, this is error 319011 from Microsoft, which indicates a corrupted BOOT.INI file. Could be, since I just installed the driver for another disk in the system (hooked up a scratch drive to the SATA interface) in the previous WindowsUpdate. This may have knocked my IDs around so that the BOOT.INI file is no longer correct.
Steps that they say to use, but which did NOT work for me:
1. Boot the Windows 2000 install CD
2. [F6] to load the device drivers for the boot array (in my case, HighPoint HPT372N IDE RAID).
3. Get to the point where you can pick [R]epair.
4. Choose [C]onsole, which should dump you at a command prompt (after you enter the local Administrator password).
5. Rename the existing BOOT.INI file in the root of C:, then copy a good BOOT.INI file off of a floppy.
6. Verify that the correct NTBootDD.SYS file exists (troubleshooting), and is in the correct place on the boot drive. (Only if you have SCSI drives that you're attempting to boot from, the HighPoint RAID doesn't seem to use the NTBOOTDD.SYS file.)
Here's what my broken BOOT.INI file looks like (see 102873: BOOT.INI and ARC Path Naming Conventions and Usage):
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Server" /fastdetect
Here's what my recovery BOOT.INI file looks like (note the change on the default= line, and the addition of a second multi(x) line under [operating systems], also note the long timeout value):
[boot loader]
timeout=120
default=multi(1)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Server" /fastdetect
multi(1)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Server (HPT372N)" /fastdetect
Unfortunately, no matter what combination of scsi(x) or multi(x) I tried at the start of the line, or putting the driver file on the boot diskette (renamed as NTBootDD.SYS) would get me past the wonderful "Could not read from the selected boot disk" error. At one point, I had a boot diskette with (8) different combinations of boot lines that I had tried.
Hint: The boot diskette is great for testing out BOOT.INI changes, it boots up quickly compared to waiting for the system to boot.
I'm going to try plan B, which is to reinstall... but during the Setup CD when I hit F6, I'm going to install both the HighPoint and the Silicon Image drivers. That way, setup will see all of the disks in the system during the initial install and will hopefully write out a correct BOOT.INI file.
Windows 2000 could not start because the following file is missing or corrupt:
(something)\System32\Ntoskrnl.exe
Please re-install a copy of the above file.
Possibly, this is error 319011 from Microsoft, which indicates a corrupted BOOT.INI file. Could be, since I just installed the driver for another disk in the system (hooked up a scratch drive to the SATA interface) in the previous WindowsUpdate. This may have knocked my IDs around so that the BOOT.INI file is no longer correct.
Steps that they say to use, but which did NOT work for me:
1. Boot the Windows 2000 install CD
2. [F6] to load the device drivers for the boot array (in my case, HighPoint HPT372N IDE RAID).
3. Get to the point where you can pick [R]epair.
4. Choose [C]onsole, which should dump you at a command prompt (after you enter the local Administrator password).
5. Rename the existing BOOT.INI file in the root of C:, then copy a good BOOT.INI file off of a floppy.
6. Verify that the correct NTBootDD.SYS file exists (troubleshooting), and is in the correct place on the boot drive. (Only if you have SCSI drives that you're attempting to boot from, the HighPoint RAID doesn't seem to use the NTBOOTDD.SYS file.)
Here's what my broken BOOT.INI file looks like (see 102873: BOOT.INI and ARC Path Naming Conventions and Usage):
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Server" /fastdetect
Here's what my recovery BOOT.INI file looks like (note the change on the default= line, and the addition of a second multi(x) line under [operating systems], also note the long timeout value):
[boot loader]
timeout=120
default=multi(1)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Server" /fastdetect
multi(1)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Server (HPT372N)" /fastdetect
Unfortunately, no matter what combination of scsi(x) or multi(x) I tried at the start of the line, or putting the driver file on the boot diskette (renamed as NTBootDD.SYS) would get me past the wonderful "Could not read from the selected boot disk" error. At one point, I had a boot diskette with (8) different combinations of boot lines that I had tried.
Hint: The boot diskette is great for testing out BOOT.INI changes, it boots up quickly compared to waiting for the system to boot.
I'm going to try plan B, which is to reinstall... but during the Setup CD when I hit F6, I'm going to install both the HighPoint and the Silicon Image drivers. That way, setup will see all of the disks in the system during the initial install and will hopefully write out a correct BOOT.INI file.
Tyan Trinity KT400
So I'm finally ditching the very troublesome Asus A7V266-E motherboard in my one file server. I went with the Tyan Trinity KT400 because it was relatively inexpensive and I was able to simply move my AthlonXP 1800+ CPU and my 512MB PC2100 memory modules over to the new motherboard.
The old A7V266-E is a VIA-based chipset that was notorious for problems with the PCI bus (search around for KT266 and PCI latency, or check the PCI Latency Patch page). (And that's on top of the issue that the A7V266-E Promise FastTrak100 Lite only supports 127GB and smaller drives.) For me, it manifested itself as an incompatibility with my add-in Adaptec USB card. Anytime I had activity on the USB bus, the entire machine would halt for a few seconds at a time. Extremely annoying and the only way that I got around it was to not install the Adaptec 3100 USB PCI card.
So, getting a new motherboard should be easy right? Ha ha ha ha ha ha! (picks self back up off of the floor)
Well, before I start into the problems encountered... first I want to point you at what Tyan does correctly. They make a very pretty manual. When showing you the diagrams of various jumpers / pin-outs on the motherboard, they use very large text to draw your eye to the proper portion of the diagram. It's rather well done, and makes it easy to flip through the book looking for, say, the FAN3 pin-out location. Secondly, their motherboard includes the little 2-digit hexadecimal LED that shows you where the boot process is. Usually, you have to buy an inexpensive add-in card (and I'm not even sure you can get them for PCI?).
Unfortunately, one of the things that they do poorly is the presentation of device drivers for their products. Most motherboard manufacturers have a dedicated search engine, or a seperate page for each product. And each page points to a local copy of all of the BIOS files, device drivers and manuals. Tyan, OTOH, has a single page for BIOS, a single page for all their motherboards, a single page for RAID adapters (for all motherboards). Worse, they rely on external websites to supply some of the drivers (e.g. their link to the VIA 4-in-1 driver set is useless since VIA has rearranged their site). That's a real problem if you're not a grizzled vetran of DIY PC building.
So let's see... first issue is that the battery that came with the motherboard appears to be dead. Removing power from the motherboard causes the BIOS clock to reset to the default of Jan 1 2003. Replacing that was easy, I just stole the CR2032 battery from the old motherboard.
Next up, I plugged the (2) 250GB 7200rpm WD drives into the motherboard IDE RAID (HighPoint HPT372N), booted up on the SCSI CD-ROM and attempted to install Win2000 server. Nada... tried 3x, with re-formatting the disk each time in case of read errors, but after you load the driver, Win2000 setup cannot see the HTP RAID that I had configured.
Okay, plan B, put a Promise FastTrak100 TX2 card in, hook the drives to that... spend another few hours setting up the drive array. Now, the system refused to boot. It gets to the ECSD/DMI portion (where it's setting up the PCI slots, figuring out what's where), but will not boot from the floppy or the CD-ROM. Pull the Promise card back out, system boots up on the floppy or CD-ROM without a problem... put card back in, nada. Updated the Tyan Trinity KT400 motherboard BIOS from 1.02 to 1.05, with no change in the situation. The motherboard will not boot with the Promise card installed, regardless whether the onboard IDE RAID is enabled or disabled.
My next plan is now to try the HighPoint RAID again, possibly updating the HighPoint RAID BIOS (once I wait a few hours for the HighPoint array to finish duplicating itself again, my estimate is it takes 4-5 hours to create the 250GB array, roughly 45-60GB/hr). Note, when trying to figure out which of the BIOS files to load into memory (e.g. my disk has BIOS\3xxv235.p4e, BIOS\3xxv235.p5e, and BIOS\3xxv235.p6e), refer to the README.TXT file on the root of the floppy. Under section 2, there is a file listing that will tell you which BIOS file goes with which controller chip. (e.g. I have a HPT372N, so I use the .P5E file)
Next error (loading the HPT BIOS). I run the LOAD.EXE file, enter the BIOS file name (3XXV2351.P5E), it then errors out with:
A:\BIOS> LOAD
Please input BIOS image file name: 3XXV2351.P5E
Found adapter at bus 0, device 14
No loadable EPROM found
Try '-i' option
A:\BIOS> LOAD /I 3XXV2351.P5E
Found adapter at bus 0, device 14
No loadable EPROM found
Found adapter at bus 0, device 14
No loadable EPROM found
Hmm... oh, wait... looks like the P4E file is also for the 372N chip.
A:\BIOS> LOAD 3XXV2351.P4E
No supporting host adapter is found
Okay... (drums fingers on desk), eh, forget it for now. I have v2.345 already, which is reasonably up-to-date. And this time, the Win2k install seems to have found the partition correctly (only basic difference between now and when it didn't work last night is the motherboard BIOS revision update from 1.02 to 1.05).
Created my 16GB C: partition, and I'm off and installing. Later, I get to test my recovery strategy (going to try to restore the system state through a non-authoritative restore).
The old A7V266-E is a VIA-based chipset that was notorious for problems with the PCI bus (search around for KT266 and PCI latency, or check the PCI Latency Patch page). (And that's on top of the issue that the A7V266-E Promise FastTrak100 Lite only supports 127GB and smaller drives.) For me, it manifested itself as an incompatibility with my add-in Adaptec USB card. Anytime I had activity on the USB bus, the entire machine would halt for a few seconds at a time. Extremely annoying and the only way that I got around it was to not install the Adaptec 3100 USB PCI card.
So, getting a new motherboard should be easy right? Ha ha ha ha ha ha! (picks self back up off of the floor)
Well, before I start into the problems encountered... first I want to point you at what Tyan does correctly. They make a very pretty manual. When showing you the diagrams of various jumpers / pin-outs on the motherboard, they use very large text to draw your eye to the proper portion of the diagram. It's rather well done, and makes it easy to flip through the book looking for, say, the FAN3 pin-out location. Secondly, their motherboard includes the little 2-digit hexadecimal LED that shows you where the boot process is. Usually, you have to buy an inexpensive add-in card (and I'm not even sure you can get them for PCI?).
Unfortunately, one of the things that they do poorly is the presentation of device drivers for their products. Most motherboard manufacturers have a dedicated search engine, or a seperate page for each product. And each page points to a local copy of all of the BIOS files, device drivers and manuals. Tyan, OTOH, has a single page for BIOS, a single page for all their motherboards, a single page for RAID adapters (for all motherboards). Worse, they rely on external websites to supply some of the drivers (e.g. their link to the VIA 4-in-1 driver set is useless since VIA has rearranged their site). That's a real problem if you're not a grizzled vetran of DIY PC building.
So let's see... first issue is that the battery that came with the motherboard appears to be dead. Removing power from the motherboard causes the BIOS clock to reset to the default of Jan 1 2003. Replacing that was easy, I just stole the CR2032 battery from the old motherboard.
Next up, I plugged the (2) 250GB 7200rpm WD drives into the motherboard IDE RAID (HighPoint HPT372N), booted up on the SCSI CD-ROM and attempted to install Win2000 server. Nada... tried 3x, with re-formatting the disk each time in case of read errors, but after you load the driver, Win2000 setup cannot see the HTP RAID that I had configured.
Okay, plan B, put a Promise FastTrak100 TX2 card in, hook the drives to that... spend another few hours setting up the drive array. Now, the system refused to boot. It gets to the ECSD/DMI portion (where it's setting up the PCI slots, figuring out what's where), but will not boot from the floppy or the CD-ROM. Pull the Promise card back out, system boots up on the floppy or CD-ROM without a problem... put card back in, nada. Updated the Tyan Trinity KT400 motherboard BIOS from 1.02 to 1.05, with no change in the situation. The motherboard will not boot with the Promise card installed, regardless whether the onboard IDE RAID is enabled or disabled.
My next plan is now to try the HighPoint RAID again, possibly updating the HighPoint RAID BIOS (once I wait a few hours for the HighPoint array to finish duplicating itself again, my estimate is it takes 4-5 hours to create the 250GB array, roughly 45-60GB/hr). Note, when trying to figure out which of the BIOS files to load into memory (e.g. my disk has BIOS\3xxv235.p4e, BIOS\3xxv235.p5e, and BIOS\3xxv235.p6e), refer to the README.TXT file on the root of the floppy. Under section 2, there is a file listing that will tell you which BIOS file goes with which controller chip. (e.g. I have a HPT372N, so I use the .P5E file)
Next error (loading the HPT BIOS). I run the LOAD.EXE file, enter the BIOS file name (3XXV2351.P5E), it then errors out with:
A:\BIOS> LOAD
Please input BIOS image file name: 3XXV2351.P5E
Found adapter at bus 0, device 14
No loadable EPROM found
Try '-i' option
A:\BIOS> LOAD /I 3XXV2351.P5E
Found adapter at bus 0, device 14
No loadable EPROM found
Found adapter at bus 0, device 14
No loadable EPROM found
Hmm... oh, wait... looks like the P4E file is also for the 372N chip.
A:\BIOS> LOAD 3XXV2351.P4E
No supporting host adapter is found
Okay... (drums fingers on desk), eh, forget it for now. I have v2.345 already, which is reasonably up-to-date. And this time, the Win2k install seems to have found the partition correctly (only basic difference between now and when it didn't work last night is the motherboard BIOS revision update from 1.02 to 1.05).
Created my 16GB C: partition, and I'm off and installing. Later, I get to test my recovery strategy (going to try to restore the system state through a non-authoritative restore).
Tuesday, May 11, 2004
SubVersion install on Gentoo
Working on setting up subversion on the box. I've already emerged in the apache and subversion ebuilds, now I'm working on some other configuration information. My plan is to store my respository in /svn, in it's own logical volume. (Very similar to when I created my "media" logical volume in the vgmedia volume group.)
# lvcreate -L4G -nsvn vguser
# mke2fs -j -c /dev/vguser/svn
# mkdir /svn
# mount /dev/vguser/svn /svn
# nano -w /etc/fstab
SubVersion book, chapter 6, section 4 covers how to configure Apache2 for SVN. One key thing that bit me is that if you already have apache2 installed, you need to also set the apache2 USE flag prior to emerging subversion.
More later... I have to wait for apache/subversion to re-emerge.
# lvcreate -L4G -nsvn vguser
# mke2fs -j -c /dev/vguser/svn
# mkdir /svn
# mount /dev/vguser/svn /svn
# nano -w /etc/fstab
SubVersion book, chapter 6, section 4 covers how to configure Apache2 for SVN. One key thing that bit me is that if you already have apache2 installed, you need to also set the apache2 USE flag prior to emerging subversion.
More later... I have to wait for apache/subversion to re-emerge.
Saturday, May 08, 2004
Gentoo Samba (round 3)
(previous post, samba round 2)
Well, after a busy week at work, I finally had time to log back into my little VIA EPIA server running Gentoo Linux. In my previous post, I had re-emerged the latest version of samba (v3), but I never had time to go back and try things out again after the emerge finished.
The original problem was that I couldn't find the "net" command, which turns out to be because I was using Samba v2 instead of Samba v3. I just logged into the box, su'd to root, and typed "net".
Bingo! I now have a "net" command!
So now I need to add the box to the ADS domain, and do all that other config stuff that I hadn't figured out yet. (Hint for newbies to a linux system, keep a running blog like this and use software like SecureCRT with logging enabled so that you can trace your steps.)
# kinit administrator@intra.tgharold.org
Password for administrator@intra.tgharold.org: ******
kinit(v5): KDC reply did not match expectations while getting initial credentials
Whoops, back to the KDC error... my /etc/krb5kdc/kdc.conf file looks fine at first glance, so does my /etc/krb5.conf file. Hmmm.... oh, wait, wrong kinit command, ADS domain must be in CAPS:
# kinit administrator@INTRA.TGHAROLD.ORG
Password for administrator@INTRA.TGHAROLD.ORG: ******
#
That did it! Next step is to join the ADS domain:
# net ads join
[2004/05/08 13:54:25, 0] param/loadparm.c:map_parameter(2410)
Unknown parameter encountered: "realm"
[2004/05/08 13:54:25, 0] param/loadparm.c:lp_do_parameter(3048)
Ignoring unknown parameter "realm"
[2004/05/08 13:54:25, 0] param/loadparm.c:map_parameter(2410)
Unknown parameter encountered: "ads server"
[2004/05/08 13:54:25, 0] param/loadparm.c:lp_do_parameter(3048)
Ignoring unknown parameter "ads server"
ADS support not compiled in
Looks like I missed another trick (no ADS support compiled in). FYI, running the following command should've given me a hint that something was still not ready:
# testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "realm"
Ignoring unknown parameter "realm"
Unknown parameter encountered: "ads server"
Ignoring unknown parameter "ads server"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = INTRA
netbios name = NAZUMI
server string = Samba Server %v
local master = No
domain master = No
Heh, but being lazy, I ignored the error messages and pressed onward. Back to google for a bit. Found the answer on the samba website 9.3.1. Possible errors "ADS support not compiled in": Samba must be reconfigured (remove config.cache) and recompiled (make clean all install) after the kerberos libs and headers are installed.
# find / -name config.cache
/usr/portage/app-admin/puregui/files/config.cache
Okay, skip that for the moment... let's go investigate my USE flags. A recommended tool for that is "ufed" (which if you don't have can be emerged by "emerge ufed"). It also shows one-liner descriptions of what each USE flag represents (or you can look at /usr/portage/profiles/use.desc). The only file modified by ufed is /etc/make.conf (represented by the 3rd position in the 3-character indicator after each USE flag).
# emerge info
Portage 2.0.50-r6 (default-x86-2004.0, gcc-3.3.2, glibc-2.3.2-r9, 2.6.3)
=================================================================
System uname: 2.6.3 i686 VIA Samuel 2
Gentoo Base System version 1.4.3.13
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.7.7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-Os -march=i586 -m3dnow -fomit-frame-pointer"
CHOST="i586-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-Os -march=i586 -m3dnow -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://gentoo.mirrors.pair.com/ http://212.219.247.19/sites/www.ibiblio.org/gentoo/ http://212.219.247.18/sites/www.ibiblio.org/gentoo/ http://212.219.247.20/sites/www.ibiblio.org/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X apm arts avi berkdb crypt cups encode foomaticdb gdbm gif gnome gpm gtk gtk2 imlib jpeg kde libg++ libwww mad mikmod motif mpeg ncurses nls oggvorbis opengl oss pam pdflib perl png python qt quicktime readline sdl slang spell ssl svga tcpd truetype x86 xml2 xmms xv zlib"
There's probably a good bit of stuff that I should remove from the USE= line, but I'm not entirely sure what's needed and what's not yet. I don't think I need to add "samba" there because I'm not interested in accessing other samba shares on the network (yet).
Okay, back to the main thread... reading the samba guide a bit more, it indicates that I need the kerberos development libraries installed. It looks like I have those installed:
# ls -1 /usr/lib/*krb*
/usr/lib/libgssapi_krb5.so
/usr/lib/libgssapi_krb5.so.2
/usr/lib/libgssapi_krb5.so.2.2
/usr/lib/libkrb5.so
/usr/lib/libkrb5.so.3
/usr/lib/libkrb5.so.3.2
Okay, so I need to do some digging... a lot of places recommend using "etcat" to query ebuild information to find out what use flags are available, what got used during the compile. However, in order to use etcat, you need to "emerge gentoolkit". Takes about 5 minutes to install (if that).
# etcat versions samba
[ Results for search key : samba ]
[ Candidate applications found : 7 ]
Only printing found installed programs.
* net-fs/samba :
[ ] 2.2.8a (0)
[M~ ] 3.0.0-r1 (0)
[M ] 3.0.1 (0)
[M~ ] 3.0.1-r1 (0)
[M~ ] 3.0.2a (0)
[M~ ] 3.0.2a-r1 (0)
[ I] 3.0.2a-r2 (0)
Shows that I have 3.0.3a-r2 installed ("I"). All of the other v3 are masked ("M") and/or tagged as unstable ("~").
#etcat uses samba
[ Colour Code : set unset ]
[ Legend : (U) Col 1 - Current USE flags ]
[ : (I) Col 2 - Installed With USE flags ]
U I [ Found these USE variables in : net-fs/samba-3.0.2a-r2 ]
- - kerberos : Adds kerberos support
- - mysql : Adds mySQL support
- - xml : Check/Support flag for XML library (version 1)
- - acl : Adds support for Access Control Lists
+ + cups : Add support for CUPS (Common Unix Printing System)
- - ldap : Adds LDAP support (Lightweight Directory Access Protocol)
+ + pam : Adds support PAM (Pluggable Authentication Modules)
+ + readline : enables support for libreadline, a GNU line-editing library that most everyone wants.
+ + python : Adds support/bindings for the Python language
- - oav : Adds support for anti-virus from the openantivirus.org project
A bit uglier... samba doesn't have kerberos support included. And looking back at the output of "emerge info" I see that the kerberos USE flag isn't listed there. This would be changed by the /etc/make.conf file (or using "ufed" to edit). The USE= line in my /etc/make.conf is empty, so I'll fire up ufed, tag kerberos, and save. Now, run the "etcat uses samba" again and notice that the kerberos USE flag now has a '+' under the 'U' column, but a '-' under the 'I' (installed) column. Since I can't find a config.cache file that looks like it belongs to samba, I'm just going to check the package status with emerge.
# emerge -p samba
(shows a "R" flag after the ebuild, looking at "man emerge" that indicates that the package is already installed, but that "emerge samba" again will recompile)
# emerge samba
(go away for a bit... samba takes a while to compile, 30-60 minutes or so)
# etcat uses samba
(now shows kerberos in green, as installed)
# testparm /etc/samba/smb.conf
(still complains about "realm" and "ads server" in the /etc/samba/smb.conf file)
Okay, so I'm not sure what the next step is... I'll have to google again later when I'm not as frustrated. Samba is still complaining that "ADS support is not compiled in". The only "config.cache" file on the system is from July 2001 and is not in the samba folder.
Update: The missing piece was that I hadn't configured both the kerberos and ldap USE flags in my make.conf file.
Well, after a busy week at work, I finally had time to log back into my little VIA EPIA server running Gentoo Linux. In my previous post, I had re-emerged the latest version of samba (v3), but I never had time to go back and try things out again after the emerge finished.
The original problem was that I couldn't find the "net" command, which turns out to be because I was using Samba v2 instead of Samba v3. I just logged into the box, su'd to root, and typed "net".
Bingo! I now have a "net" command!
So now I need to add the box to the ADS domain, and do all that other config stuff that I hadn't figured out yet. (Hint for newbies to a linux system, keep a running blog like this and use software like SecureCRT with logging enabled so that you can trace your steps.)
# kinit administrator@intra.tgharold.org
Password for administrator@intra.tgharold.org: ******
kinit(v5): KDC reply did not match expectations while getting initial credentials
Whoops, back to the KDC error... my /etc/krb5kdc/kdc.conf file looks fine at first glance, so does my /etc/krb5.conf file. Hmmm.... oh, wait, wrong kinit command, ADS domain must be in CAPS:
# kinit administrator@INTRA.TGHAROLD.ORG
Password for administrator@INTRA.TGHAROLD.ORG: ******
#
That did it! Next step is to join the ADS domain:
# net ads join
[2004/05/08 13:54:25, 0] param/loadparm.c:map_parameter(2410)
Unknown parameter encountered: "realm"
[2004/05/08 13:54:25, 0] param/loadparm.c:lp_do_parameter(3048)
Ignoring unknown parameter "realm"
[2004/05/08 13:54:25, 0] param/loadparm.c:map_parameter(2410)
Unknown parameter encountered: "ads server"
[2004/05/08 13:54:25, 0] param/loadparm.c:lp_do_parameter(3048)
Ignoring unknown parameter "ads server"
ADS support not compiled in
Looks like I missed another trick (no ADS support compiled in). FYI, running the following command should've given me a hint that something was still not ready:
# testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "realm"
Ignoring unknown parameter "realm"
Unknown parameter encountered: "ads server"
Ignoring unknown parameter "ads server"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = INTRA
netbios name = NAZUMI
server string = Samba Server %v
local master = No
domain master = No
Heh, but being lazy, I ignored the error messages and pressed onward. Back to google for a bit. Found the answer on the samba website 9.3.1. Possible errors "ADS support not compiled in": Samba must be reconfigured (remove config.cache) and recompiled (make clean all install) after the kerberos libs and headers are installed.
# find / -name config.cache
/usr/portage/app-admin/puregui/files/config.cache
Okay, skip that for the moment... let's go investigate my USE flags. A recommended tool for that is "ufed" (which if you don't have can be emerged by "emerge ufed"). It also shows one-liner descriptions of what each USE flag represents (or you can look at /usr/portage/profiles/use.desc). The only file modified by ufed is /etc/make.conf (represented by the 3rd position in the 3-character indicator after each USE flag).
# emerge info
Portage 2.0.50-r6 (default-x86-2004.0, gcc-3.3.2, glibc-2.3.2-r9, 2.6.3)
=================================================================
System uname: 2.6.3 i686 VIA Samuel 2
Gentoo Base System version 1.4.3.13
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.7.7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-Os -march=i586 -m3dnow -fomit-frame-pointer"
CHOST="i586-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-Os -march=i586 -m3dnow -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://gentoo.mirrors.pair.com/ http://212.219.247.19/sites/www.ibiblio.org/gentoo/ http://212.219.247.18/sites/www.ibiblio.org/gentoo/ http://212.219.247.20/sites/www.ibiblio.org/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X apm arts avi berkdb crypt cups encode foomaticdb gdbm gif gnome gpm gtk gtk2 imlib jpeg kde libg++ libwww mad mikmod motif mpeg ncurses nls oggvorbis opengl oss pam pdflib perl png python qt quicktime readline sdl slang spell ssl svga tcpd truetype x86 xml2 xmms xv zlib"
There's probably a good bit of stuff that I should remove from the USE= line, but I'm not entirely sure what's needed and what's not yet. I don't think I need to add "samba" there because I'm not interested in accessing other samba shares on the network (yet).
Okay, back to the main thread... reading the samba guide a bit more, it indicates that I need the kerberos development libraries installed. It looks like I have those installed:
# ls -1 /usr/lib/*krb*
/usr/lib/libgssapi_krb5.so
/usr/lib/libgssapi_krb5.so.2
/usr/lib/libgssapi_krb5.so.2.2
/usr/lib/libkrb5.so
/usr/lib/libkrb5.so.3
/usr/lib/libkrb5.so.3.2
Okay, so I need to do some digging... a lot of places recommend using "etcat" to query ebuild information to find out what use flags are available, what got used during the compile. However, in order to use etcat, you need to "emerge gentoolkit". Takes about 5 minutes to install (if that).
# etcat versions samba
[ Results for search key : samba ]
[ Candidate applications found : 7 ]
Only printing found installed programs.
* net-fs/samba :
[ ] 2.2.8a (0)
[M~ ] 3.0.0-r1 (0)
[M ] 3.0.1 (0)
[M~ ] 3.0.1-r1 (0)
[M~ ] 3.0.2a (0)
[M~ ] 3.0.2a-r1 (0)
[ I] 3.0.2a-r2 (0)
Shows that I have 3.0.3a-r2 installed ("I"). All of the other v3 are masked ("M") and/or tagged as unstable ("~").
#etcat uses samba
[ Colour Code : set unset ]
[ Legend : (U) Col 1 - Current USE flags ]
[ : (I) Col 2 - Installed With USE flags ]
U I [ Found these USE variables in : net-fs/samba-3.0.2a-r2 ]
- - kerberos : Adds kerberos support
- - mysql : Adds mySQL support
- - xml : Check/Support flag for XML library (version 1)
- - acl : Adds support for Access Control Lists
+ + cups : Add support for CUPS (Common Unix Printing System)
- - ldap : Adds LDAP support (Lightweight Directory Access Protocol)
+ + pam : Adds support PAM (Pluggable Authentication Modules)
+ + readline : enables support for libreadline, a GNU line-editing library that most everyone wants.
+ + python : Adds support/bindings for the Python language
- - oav : Adds support for anti-virus from the openantivirus.org project
A bit uglier... samba doesn't have kerberos support included. And looking back at the output of "emerge info" I see that the kerberos USE flag isn't listed there. This would be changed by the /etc/make.conf file (or using "ufed" to edit). The USE= line in my /etc/make.conf is empty, so I'll fire up ufed, tag kerberos, and save. Now, run the "etcat uses samba" again and notice that the kerberos USE flag now has a '+' under the 'U' column, but a '-' under the 'I' (installed) column. Since I can't find a config.cache file that looks like it belongs to samba, I'm just going to check the package status with emerge.
# emerge -p samba
(shows a "R" flag after the ebuild, looking at "man emerge" that indicates that the package is already installed, but that "emerge samba" again will recompile)
# emerge samba
(go away for a bit... samba takes a while to compile, 30-60 minutes or so)
# etcat uses samba
(now shows kerberos in green, as installed)
# testparm /etc/samba/smb.conf
(still complains about "realm" and "ads server" in the /etc/samba/smb.conf file)
Okay, so I'm not sure what the next step is... I'll have to google again later when I'm not as frustrated. Samba is still complaining that "ADS support is not compiled in". The only "config.cache" file on the system is from July 2001 and is not in the samba folder.
Update: The missing piece was that I hadn't configured both the kerberos and ldap USE flags in my make.conf file.
Friday, May 07, 2004
Hard Drive Power Requirements
Jottting down some of the V/A power-requirements for some hard-drives. IBM is nice because they print it on the drive, the Maxtors (usually) aren't as helpful. I'm also trying to make sure that the little 200W power-supplies in the light-weight servers like the VIA EPIA can handle the load.
Hitachi Deskstar 180GXP (07N9685) 82.3GB
7200rpm 8MB cache
5V 500mA 12V 700mA (10.9W)
- startup current is 2.0 (+12V) & 0.83A (+5V) 28W, idle is 5.0W
IBM Deskstar (not sure of model)
7200rpm 8MB cache
5V 300mA 12V 500mA (7.5W)
- this is the one that I tossed in the EPIA box, the 180GXP drew too much power (probably a startup-current issue?)
Maxtor DiamondMax 16 160GB
5400rpm 2MB cache ATA/133
5V 585mA 12V 690mA (11.2W)
- label info is diff then data sheet on website (5V 628mA 12V 587mA 10.2W, idle 5.6W)
Maxtor DiamondMax Plus 9 60GB-200GB
7200rpm 2MB or 8MB cache, ATA/133 or SATA/150
5V 858mA 12V 662mA (12.2W)
Western Digital Caviar SE 250GB (WD site)
7200rpm 8MB cache SATA/150
5V 850 mA 12V 530mA (10.6 W), no startup current listed, idle is 10.0W
Maxtor MaxLine II 250GB/300GB
5400rpm 2MB cache ATA/133
5V 593mA 12V 594mA (10.1W)
Maxtor MaxLine II Plus 250GB
7200rpm 8MB cache PATA/133 or SATA/150
5V 921mA 12V 666mA (12.6W)
Western Digital Caviar 200GB
- roughly 12W seeking, 19.0W spin-up, 7.5W idle
Western Digital Caviar 250GB
- roughly 12.5W seeking, 21.4W spin-up, 8.3W idle
Hitachi Deskstar 7K400 400GB
7200rpm 8MB PATA or SATA
- tough guess, only lists startup (29.5W) and idle (9.5W)
Hitachi Deskstar 7K250 250GB
7200rpm 8MB PATA or SATA
- again, no info, startup is 24W, idle is 7.0W
I'm a bit surprised... the 5400rpm drives really don't require that much less power then the 7200rpm drives. 10W vs 12.5W isn't as a big a difference as I had thought it would be. Maxtor doesn't list start-up currents, so it's tough to compare against the IBM/Hitachi drive that I used in the EPIA box that I had the problem with. Still, I suspect that I could indeed drop a pair of the Maxline II 250/300GB drives in an EPIA box without problems.
I'm also looking to start cutting some power-usage as my power bill has crept up from 500KWH per month to 1000KWH per month due to computer equipment. Instead of using a bunch of small disks, I can save power by using fewer larger disks. Combined with using lower-power CPUs and I can probably cut that back to 750KWH without sacrificing large amounts of storage space.
Of course, my 19" monitor eats up 140W... a comparable LCD would probably only eat 40W. I pay 8.3 cents/KWH, so in a 30.4 day month (730 hours), 100W costs me $6.06. Using 667 KWH in a month is roughly 914W per hour (to check my math). A newer ViewSonic p90f 19" ($210) only uses 120W.
So every 10W that I can shave off of power usage saves me $0.61/month ($7.27/yr). Yeah, not a lot, but every little bit does add up. At least LCD displays have fallen enough that they're worth buying just for the power-savings instead of a regular CRT. LCD 17" displays are down to $360 (comparable to a 19" monitor), LCD 15" screens are $275. Power savings is roughly 60-100W, which works out then to $43-$72/yr. Cost difference pays for itself after about 2-3 years.
Hitachi Deskstar 180GXP (07N9685) 82.3GB
7200rpm 8MB cache
5V 500mA 12V 700mA (10.9W)
- startup current is 2.0 (+12V) & 0.83A (+5V) 28W, idle is 5.0W
IBM Deskstar (not sure of model)
7200rpm 8MB cache
5V 300mA 12V 500mA (7.5W)
- this is the one that I tossed in the EPIA box, the 180GXP drew too much power (probably a startup-current issue?)
Maxtor DiamondMax 16 160GB
5400rpm 2MB cache ATA/133
5V 585mA 12V 690mA (11.2W)
- label info is diff then data sheet on website (5V 628mA 12V 587mA 10.2W, idle 5.6W)
Maxtor DiamondMax Plus 9 60GB-200GB
7200rpm 2MB or 8MB cache, ATA/133 or SATA/150
5V 858mA 12V 662mA (12.2W)
Western Digital Caviar SE 250GB (WD site)
7200rpm 8MB cache SATA/150
5V 850 mA 12V 530mA (10.6 W), no startup current listed, idle is 10.0W
Maxtor MaxLine II 250GB/300GB
5400rpm 2MB cache ATA/133
5V 593mA 12V 594mA (10.1W)
Maxtor MaxLine II Plus 250GB
7200rpm 8MB cache PATA/133 or SATA/150
5V 921mA 12V 666mA (12.6W)
Western Digital Caviar 200GB
- roughly 12W seeking, 19.0W spin-up, 7.5W idle
Western Digital Caviar 250GB
- roughly 12.5W seeking, 21.4W spin-up, 8.3W idle
Hitachi Deskstar 7K400 400GB
7200rpm 8MB PATA or SATA
- tough guess, only lists startup (29.5W) and idle (9.5W)
Hitachi Deskstar 7K250 250GB
7200rpm 8MB PATA or SATA
- again, no info, startup is 24W, idle is 7.0W
I'm a bit surprised... the 5400rpm drives really don't require that much less power then the 7200rpm drives. 10W vs 12.5W isn't as a big a difference as I had thought it would be. Maxtor doesn't list start-up currents, so it's tough to compare against the IBM/Hitachi drive that I used in the EPIA box that I had the problem with. Still, I suspect that I could indeed drop a pair of the Maxline II 250/300GB drives in an EPIA box without problems.
I'm also looking to start cutting some power-usage as my power bill has crept up from 500KWH per month to 1000KWH per month due to computer equipment. Instead of using a bunch of small disks, I can save power by using fewer larger disks. Combined with using lower-power CPUs and I can probably cut that back to 750KWH without sacrificing large amounts of storage space.
Of course, my 19" monitor eats up 140W... a comparable LCD would probably only eat 40W. I pay 8.3 cents/KWH, so in a 30.4 day month (730 hours), 100W costs me $6.06. Using 667 KWH in a month is roughly 914W per hour (to check my math). A newer ViewSonic p90f 19" ($210) only uses 120W.
So every 10W that I can shave off of power usage saves me $0.61/month ($7.27/yr). Yeah, not a lot, but every little bit does add up. At least LCD displays have fallen enough that they're worth buying just for the power-savings instead of a regular CRT. LCD 17" displays are down to $360 (comparable to a 19" monitor), LCD 15" screens are $275. Power savings is roughly 60-100W, which works out then to $43-$72/yr. Cost difference pays for itself after about 2-3 years.
Saturday, May 01, 2004
Gentoo Samba (round 2)
(Gentoo samba page, attempt #1)
Well, rebuilding the kernel didn't really do anything other then teach me how to rebuild the kernel... I'm still getting the "net: command not found" error when trying to add the box the AD domain. (And I'm not sure what I missed during the installation.)
I have noticed that "emerge samba" installed the 2.2.8a version of Samba instead of version 3... so now I need to find out how to install v3 on gentoo. According to the packages listing for samba, 3.0.2a-r2 is marked as stable as of Apr 29th. (Also useful is the graphical portage browser.)
# emerge sync
# emerge --pretend samba
Ah ha! Now it indicates that it will install net-fs/samba-3.0.2a-r2, but first there's a message that I need to update portage to the latest version.
# emerge search 'portage'
Shows me that I have 2.0.50-r1 and the latest is 2.0.50.r6 and that the size of the download is 219KB.
# emerge portage
# emerge samba
Well, rebuilding the kernel didn't really do anything other then teach me how to rebuild the kernel... I'm still getting the "net: command not found" error when trying to add the box the AD domain. (And I'm not sure what I missed during the installation.)
I have noticed that "emerge samba" installed the 2.2.8a version of Samba instead of version 3... so now I need to find out how to install v3 on gentoo. According to the packages listing for samba, 3.0.2a-r2 is marked as stable as of Apr 29th. (Also useful is the graphical portage browser.)
# emerge sync
# emerge --pretend samba
Ah ha! Now it indicates that it will install net-fs/samba-3.0.2a-r2, but first there's a message that I need to update portage to the latest version.
# emerge search 'portage'
Shows me that I have 2.0.50-r1 and the latest is 2.0.50.r6 and that the size of the download is 219KB.
# emerge portage
# emerge samba
Gentoo Kernel Rebuild (samba support)
Trying to compile a new kernel with samba support built in... I'll install this one as a different kernel image in the /boot folder. (See the Gentoo handbook for details on what is going on here.)
# cd /usr/src/linux
# make menuconfig
Go to File Systems, Network File Systems, and turn ON the SMB file system support. Exit and save.
# make && make modules_install
# mount /dev/hda1 /boot
# cp arch/i386/boot/bzImage /boot/kernel-2.6.3-20040501-samba
# cp System.map /boot/System.map-2.6.3-20040501-samba
# cp .config /boot/config-2.6.3-20040501-samba
Now, edit the grub configuration file (/boot/grub/grub.conf), and add the new kernel to the list. Here's what my new grub config file looks like:
default 0
timeout 30
title=Gentoo Linux 2.6.3 (Samba Support, May 1 2004)
root (hd0,0)
kernel /kernel-2.6.3-20040501-samba root=/dev/hda2
title=Gentoo Linux 2.6.3
root (hd0,0)
kernel /kernel-2.6.3-gentoo root=/dev/hda2
By leaving a 30 second timeout and leaving the old kernel information in the config file, I have a bit of a window to flip back to the previous kernel if needed. (Not my idea, saw it somewhere else on the web.)
# cd /usr/src/linux
# make menuconfig
Go to File Systems, Network File Systems, and turn ON the SMB file system support. Exit and save.
# make && make modules_install
# mount /dev/hda1 /boot
# cp arch/i386/boot/bzImage /boot/kernel-2.6.3-20040501-samba
# cp System.map /boot/System.map-2.6.3-20040501-samba
# cp .config /boot/config-2.6.3-20040501-samba
Now, edit the grub configuration file (/boot/grub/grub.conf), and add the new kernel to the list. Here's what my new grub config file looks like:
default 0
timeout 30
title=Gentoo Linux 2.6.3 (Samba Support, May 1 2004)
root (hd0,0)
kernel /kernel-2.6.3-20040501-samba root=/dev/hda2
title=Gentoo Linux 2.6.3
root (hd0,0)
kernel /kernel-2.6.3-gentoo root=/dev/hda2
By leaving a 30 second timeout and leaving the old kernel information in the config file, I have a bit of a window to flip back to the previous kernel if needed. (Not my idea, saw it somewhere else on the web.)
Gentoo Samba with ADS
Trying to setup my Samba box ("emerge samba") so that I can access the shares from Win2000 and WinXP machines in a Win2000 domain (Active Directory Services). One of the links indicates that I need MIT Kerberos 1.3.1, which can be installed with "emerge mit-krb5" (AFAICT). So I'll start with installing that... I also have the The Official Samba-3 HOWTO and Reference Guide book handy, although it's a bit sparse on exactly how to setup Samba to be a file server in an ADS environment.
(Note: you should emerge the mit-krb5 package prior to emerge the samba package... otherwise you'll have to recompile samba after the mit-krb5 package is installed if you want ADS support... per the official samba howto / reference guide book in the Bruce Peren's series, p 78, section 6.4.3.1.)
Things that I'll probably definitely configure in smb.conf (reading through the smb.conf.example file while mit-krb5 finishes compiling):
[global]
# section 1
netbios name = nezumi
server string = Samba Server %v
# section 7 (name resolution)
local master = no (don't be a master browser)
domain master = no (don't be a domain master browser)
wins support = no (don't be a wins server)
wins server = (my local wins server... not sure if I can list multiple, actually I lie - I don't have a WINS server on my home network, not going to put this line in)
Well, mit-krb5 is finished emerging in, time to test it out.
# kinit administrator@intra.tgharold.org
Password for administrator@intra.tgharold.org: ******
kinit(v5): KDC has no support for encryption type while getting initial credentials
Hmmm, got an error, should be easy to google for that. Looks like I need to edit the /etc/krb5.conf file, focusing on anywhere that it says "example". Basically, if your ADS domain is "intra.tgharold.org", then replace every occurence of "example.com" with "intra.tgharold.org". Which then gives me the next error:
kinit(v5): Clock skew too great while getting initial credentials
Okay, fixed time... next error! (Again, trying the kinit command.)
kinit(v5): KDC reply did not match expectations while getting initial credentials
That error indicates (according to trouble with fedora and active directory) that there is a case-issue with the principal name. Also, looking at my krb5.conf file again, I see that I forgot to replace the first "example.com =" occurence in the [realms] section. I also edited the /etc/krb5kdc/kdc.conf file, again changing any "EXAMPLE.COM" to "INTRA.TGHAROLD.ORG". Bingo! (and here's the trick... I was testing with the wrong kinit line, everything after the '@' needs to be uppercase)
# kinit administrator@INTRA.TGHAROLD.ORG
Password for administrator@INTRA.TGHAROLD.ORG: ******
That tested out perfectly. Back to Using Samba to Authenticate GNU/Linux Against Active Directory, next step is to configure the /etc/samba/smb.conf file for real. Here's my first attempt:
[global]
netbios name = nazumi
server string = Samba Server %v
local master = no
domain master = no
wins support = no
workgroup = INTRA
realm = INTRA.TGHAROLD.ORG
ads server = DC1.INTRA.TGHAROLD.ORG
security = ADS
encrypt passwords = yes
Save, exit, run the following command to join up with the ADS domain:
# net ads join
Whoops! "net" command not found... um... what did I forget? Er, forgot to install the samba-client package (which is named what?). Well, one note that I read indicates that after Kerberos is installed, you have to reinstall samba to have ADS support compiled in. To uninstall samba, it looks like the command is "emege unmerge samba" (to check before you jump, use "emerge --pretend unmerge samba"). Then "emerge samba" to recompile and re-install samba (probably have to redo the smb.conf file?). Another reason that I'm uninstalling/reinstalling samba is that the keywords "realm" and "ads server" caused complaints when I ran "testparm /etc/samba/smb.conf" to check my syntax.
Well, samba has finished... yet testparm still complains about the "realm" and "ads server" keywords in the smb.conf file. My next guess is that I need to recompile the kernel and make sure I have samba support installed.
Helpful links:
Authenticating to Samba share using "Active Directory Server"
[Samba] force user not working
(Note: you should emerge the mit-krb5 package prior to emerge the samba package... otherwise you'll have to recompile samba after the mit-krb5 package is installed if you want ADS support... per the official samba howto / reference guide book in the Bruce Peren's series, p 78, section 6.4.3.1.)
Things that I'll probably definitely configure in smb.conf (reading through the smb.conf.example file while mit-krb5 finishes compiling):
[global]
# section 1
netbios name = nezumi
server string = Samba Server %v
# section 7 (name resolution)
local master = no (don't be a master browser)
domain master = no (don't be a domain master browser)
wins support = no (don't be a wins server)
wins server = (my local wins server... not sure if I can list multiple, actually I lie - I don't have a WINS server on my home network, not going to put this line in)
Well, mit-krb5 is finished emerging in, time to test it out.
# kinit administrator@intra.tgharold.org
Password for administrator@intra.tgharold.org: ******
kinit(v5): KDC has no support for encryption type while getting initial credentials
Hmmm, got an error, should be easy to google for that. Looks like I need to edit the /etc/krb5.conf file, focusing on anywhere that it says "example". Basically, if your ADS domain is "intra.tgharold.org", then replace every occurence of "example.com" with "intra.tgharold.org". Which then gives me the next error:
kinit(v5): Clock skew too great while getting initial credentials
Okay, fixed time... next error! (Again, trying the kinit command.)
kinit(v5): KDC reply did not match expectations while getting initial credentials
That error indicates (according to trouble with fedora and active directory) that there is a case-issue with the principal name. Also, looking at my krb5.conf file again, I see that I forgot to replace the first "example.com =" occurence in the [realms] section. I also edited the /etc/krb5kdc/kdc.conf file, again changing any "EXAMPLE.COM" to "INTRA.TGHAROLD.ORG". Bingo! (and here's the trick... I was testing with the wrong kinit line, everything after the '@' needs to be uppercase)
# kinit administrator@INTRA.TGHAROLD.ORG
Password for administrator@INTRA.TGHAROLD.ORG: ******
That tested out perfectly. Back to Using Samba to Authenticate GNU/Linux Against Active Directory, next step is to configure the /etc/samba/smb.conf file for real. Here's my first attempt:
[global]
netbios name = nazumi
server string = Samba Server %v
local master = no
domain master = no
wins support = no
workgroup = INTRA
realm = INTRA.TGHAROLD.ORG
ads server = DC1.INTRA.TGHAROLD.ORG
security = ADS
encrypt passwords = yes
Save, exit, run the following command to join up with the ADS domain:
# net ads join
Whoops! "net" command not found... um... what did I forget? Er, forgot to install the samba-client package (which is named what?). Well, one note that I read indicates that after Kerberos is installed, you have to reinstall samba to have ADS support compiled in. To uninstall samba, it looks like the command is "emege unmerge samba" (to check before you jump, use "emerge --pretend unmerge samba"). Then "emerge samba" to recompile and re-install samba (probably have to redo the smb.conf file?). Another reason that I'm uninstalling/reinstalling samba is that the keywords "realm" and "ads server" caused complaints when I ran "testparm /etc/samba/smb.conf" to check my syntax.
Well, samba has finished... yet testparm still complains about the "realm" and "ads server" keywords in the smb.conf file. My next guess is that I need to recompile the kernel and make sure I have samba support installed.
Helpful links:
Authenticating to Samba share using "Active Directory Server"
[Samba] force user not working
Subscribe to:
Posts (Atom)
Posts
