I was going to install Ubuntu on my Dell Desktop (n-Series) at work. So, I burned a CD, fired it up, and…the setup crashed to BusyBox with errors about the ata device. I had seen this before. It had been a while, but I had seen it before. A few minutes of irritated googling later, came up with the following steps:
- boot to the live CD
- add these options to the kernel line (press F6 to get there):
- Because of my dual head setup, it was also easier to boot into safe graphics mode
This allowed me to run setup and get Ubuntu installed…and I shouldn’t even have to mess with it.
I’ve been building a few servers, as of late, at work. For our Windows workstations, we have an AD domain controller setup which, obviously, handles the authentication for each of those machines. For us, as for our users, it is nice to be able to use our normal logins for all of the server maintenance.
So, I joined the boxes to the domain. Like so many things in the Linux world, this task is, ultimately, not hard and has been done by a gazillion people, most of whom have written on it to some degree or another. But, at the same time, the documentation that is received is almost always sketchy, dropping an “obvious” step or two and simply ploughing through. I found some good resources, but still ended up “patching” my directions to get everything working as it ought. Most of the directions came from the first reference below, the author of which seems to be a man after my own heart. However, I still had to do some tweaking. Note: all commands run as root. Anywhere where REALM is used, this is the full domain (i.e. myorg.local or myorg.net, not simply myorg). Anywhere DOMAIN is used, the short name is what it means (myorg, not myorg.local or myorg.net). pdc_ip_address is the IP address for the primary domain controller. Should be obvious, but let’s follow the KISS principle, shall we?
- Install the software. Notice that, as opposed to in , I installed the package ntp not ntp-server
apt-get install libkrb53 krb5-config samba winbind ntpdate ntp
sudo /etc/init.d/samba stop
sudo /etc/init.d/winbind stop
sudo /etc/init.d/ntp stop
- Kerberos needs to be able to do a reverse DNS lookup on the domain controller . This caused me all sorts of problems. In our network, this simply wasn’t happening automatically. Rather than try to figure out why, I added the domain controller to /etc/hosts and restarted the networking service. The downside to this, of course, is if for some reason (like, maybe, a network upgrade) the IP for the domain controller changed in /etc/hosts.
- Configure Kerberos as in 
- Add a section like the following to the section [realms]
kdc = pdc_ip_address
In the section libdefaults, set the default realm like so:
default_realm = REALMNAME
- Configure ntp as in 
- Configure Winbind as in  with the following supplemental lines (note: the last few lines disable printing; this was good for the server I was using and suppressed complaints in the logs, but if you need printing take them out):
realm = REALMNAME
workgroup = DOMAINNAME
security = ads
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind enum users = yes
winbind enum groups = yes
winbind separator = \
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
sudo net ads join -U "DOMAINADMIN"
- Start samba and winbind
Run: wbinfo -u
If you get a list of domain users, you’re on. Otherwise, check logs and doublecheck yourself.
- Make the following changes to your pam authentication:
account sufficient pam_winbind.so
account required pam_unix.so
auth sufficient pam_winbind.so
auth required pam_unix.so use_first_pass
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session sufficient pam_winbind.so
Try and login with a domain user. This can be done "at the box" or through an SSH session if sshd has been configured to use PAM
This is almost verbatim from . The changes occur in making an addition to /etc/hosts and restarting networking BEFORE continuing and in some extra lines to /etc/samba/smb.conf. Oddly enough, when I was working on a workstation instead of a server, Ubuntu’s GUIfied version of this process was overly involved and a general pain in the neck.
- Using Winbind to Resolve Active Directory Accounts in Debian
- Samba Documentation: Chapter 24: Winbind: Use of Domain Accounts
I have been experimenting with ways to do this on and off, but I finally got CL-SDL loaded into CLISP and without the UFFI patches that are on sourceforge.
It is the kind of thing that should not have been hard and, in the end, it really wasn’t. It was just a matter of doing the research. I have learned more about Common Lisp packages, implementations, and FFIs than I would have expected on this little project.
The main thrust is that UFFI does not support CLISP, though CFFI does. Fortunately, CFFI includes a compatibility layer that allows it to use UFFI bindings. While I had read this on cliki.net, it took a great deal more googling to figure out how to use the darn thing. On the lispwannabe blog, the writer shows an asdf package for uffi that loads cffi’s compatibility layer into asdf as uffi. This is important, because a great many other things expect to find uffi there. At this point, using cl-sdl’s example1.lisp works when I used the following code:
(asdf:operate 'asdf:load-op :uffi)
(asdf:operate 'asdf:load-op :sdl)
This, however, does not solve the whole problem in interactive mode. Within cl-sdl, there are a number of places where slightly different code is written for slightly different implementations. This causes a problem as CLISP doesn’t offer any of them in its *features* variable. One answer is to add clisp’s feature to the lists in the bindings, but that takes a good deal of work. Instead, what I found is that if you just push :cmucl onto features, it works.
Where to go from here: get started on the rewrite of Latrunculi’s graphics system, for one. Another would be to try and use this information to use CL-SDL from within ECL which seems, so far as I can tell, to be the CL implementation with the best Windows support.