Likewise AD Domain Join Breaks Every 7 Days
I have been using Likewise Open for awhile to perform user authentication against Active Directory on my Linux servers. For the most part it works great, and is dead simple to set up.
Recently I have been building out a SLES 11 environment and ran into some troubles with authentication with Likewise. I could join servers to the domain and everything would work great. Then some time later I would go to log in to the server only to get an "access denied" error. Upon logging in as root on the console and running "domainjoin-cli query", I would get this output:
someserver:~ # domainjoin-cli query Error: Lsass Error [code 0x00080047] 40022 (0x9C56) LW_ERROR_PASSWORD_MISMATCH - The password is incorrect for the given username
When searching for "LW_ERROR_PASSWORD_MISMATCH", there are hardly any results. Most of the results I did get were just links to source code where that string was used as a constant.
After quite a bit of log hunting and deduction, I was finally able to figure it out and correct the error. Read on for the solution.
Xen 3.4 – 4.0 Bug On AMD 6100 Series (Magny-Cours) Opteron
Xen 3.4 through 4.0 will not boot on the new AMD 6100 series (Magny-Cours) Opteron CPU (Socket G34). There seems to be a bug in the Machine Check Exception (MCE) handling code that causes Xen to panic. The 'nomce' (3.4) and 'no-mce' (4.0) boot options do not properly turn off the MCE code, so this cannot be used to avoid the issue.
There is a patch in Xen 4.0 unstable that fixes the 'nomce' boot option so that it works properly. Unfortunately this change has not been back-ported to Xen 3.4 by most of the Linux distros yet.
I have applied the fix to Xen 3.4.1 for OpenSUSE 11.2 and built RPMs for the affected packages. This did the trick and my AMD 6100 series systems are now running Xen just fine with the 'nomce' boot option. Read on for more details and the link to the RPMs with the fix.
Windows XP/Vista/7 iSCSI Boot
UPDATE: A lot of people are hitting this searching for Windows 7 iSCSI boot info. It's EASY! Jump to the bottom for some links that should get you going. The bulk of this article is about Windows XP iSCSI booting, which is also easy, but more involved than Windows 7.
It has been awhile now since I have lost my animosity toward people who destroy computers that I administer. Mostly because I get paid money to spend half my time at work un-breaking and tidying *NIX servers. It also means that I have a particular attraction to anything that helps me clean up the users' mess more quickly.
Enter: My home media PC.
This is a computer attached to the TV in my living room. Everyone who uses it is 90% likely to be intoxicated and know nothing about computers. When we get back from the bar or just party at home this thing ends up being used to troll YouTube and email until the wee hours of the morning. It's 3:30am and your drunk friend checks his email and gets a link to download sweetvideo.exe. "Sounds GREAT!"
So I got sick of constantly rebuilding the computer. Linux storage server + LVM snapshots + gPXE + iSCSI boot-from-san Windows solution after the jump.
More Fun With VirtualBox
I upgraded VirtualBox from 2.4.1 to 2.2.0 today. The procedure came with the usual fun I've come to expect from VirtualBox, though overall I am happy with the upgrade. In short, if you upgrade make sure none of your hosts use the PCNet virtual NIC. The Intel PRO/1000 MT Desktop virtual NIC works the best on all of my hosts. More details after the jump.
Ubuntu Multipath Boot From SAN Experiment
Today I ran a test of building an Ubuntu 8.10 Server x86_64 system that boots from SAN and has multipath enabled for the boot LUNs. We had run through this exercise on Red Hat Enterprise Linux 5 (RHEL5) earlier, and wanted to test the setup on Ubuntu.
I thought I would have a nice long article to write about this. Something complete and detailed to fill the void of information I found when looking for instructions myself. Now I think I understand why there was nothing to be found on this topic; there really is nothing to it.