Adding FreeBSD 9 servers to Active Directory with Samba36 and Kerberos

#Take care of time sync issues before anything else (Kerberos rejects tickets when clocks drift too far apart)
#Configure ntpdate against the domain controller and enable it; make sure all servers are
#pointed at the same time source (it's best to use the domain controller)

vi /etc/rc.conf

ntpdate_enable="YES"
ntpdate_hosts="0.freebsd.pool.ntp.org"

#The minimum number of open files the kernel needs to deal with AD is 16384; modify sysctl.conf
vi /etc/sysctl.conf

kern.maxfiles=16384
kern.maxfilesperproc=16384

#Reboot so the changes take effect
#Make sure /etc/hosts is configured properly
#Adjust per system
127.0.0.1 localhost localhost.mydomain.com
10.3.5.55 kgfree kgfree.mydomain.com

#Create krb5.conf
vi /etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
MYDOMAIN.COM = {
kdc = mykdc.mydomain.com:88
admin_server = myadmin.mydomain.com:749
# default_domain is the DNS domain used to qualify short host names
default_domain = mydomain.com
}

[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM

#Test kerberos
kinit Administrator@MYDOMAIN.COM
#Confirm ticket
klist

#Install Samba
cd /usr/ports/net/samba36
make install clean
#configure options

[X] LDAP With LDAP support
[X] ADS With Active Directory support
[X] WINBIND With WinBIND support
[X] ACL_SUPPORT With ACL support
[X] SYSLOG With Syslog support
[X] PAM_SMBPASS With PAM authentication vs passdb backends
[X] DNSUPDATE With dynamic DNS update(require ADS)
[X] POPT With system-wide POPT library

Choose python bindings
No TLS/SSL for cups

#Configure Samba to start
vi /etc/rc.conf

nmbd_enable="YES"
samba_enable="YES"
winbindd_enable="YES"

#Configure Samba
vi /usr/local/etc/smb.conf

[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
server string = FreeBSD Server
security = ads
# Samba 3.6 idmap syntax: the default (*) range and the RID-mapped domain
# range must not overlap; the * range here is a placeholder, adjust as needed
idmap config * : backend = tdb
idmap config * : range = 20001-30000
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 10000-20000
template shell = /bin/sh
template homedir = /home/%D/%U
winbind use default domain = Yes
load printers = yes
log file = /var/log/samba/log.%m
max log size = 50
wins server = mydc.mydomain.com
dns proxy = no

[homes]
comment = Home Directories
browseable = no
writable = yes

#Test to make sure the conf file is correct and in the expected location (sometimes you
#may have to move the smb.conf to /usr/local/etc/samba)
/usr/local/bin/testparm

#Join the domain
net ads join -U Administrator

#Home directory creation, we can use pam_mkhomedir
cd /usr/ports/security/pam_mkhomedir
make install clean

#Enable homedir creation with sshd
vi /etc/pam.d/sshd

auth     sufficient  pam_krb5.so                         no_warn try_first_pass
auth     sufficient  /usr/local/lib/pam_winbind.so       try_first_pass
session  required    /usr/local/lib/pam_mkhomedir.so

#Start samba
/usr/local/etc/rc.d/samba start

#Test users and groups (if everything is configured properly you will see a list of domain
#users and groups)
wbinfo -u
wbinfo -g
Reboot
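Before and after the join it is worth checking the things that most often break this procedure: clock skew against the DC, the kern.maxfiles setting, typographic quotes pasted into rc.conf or smb.conf, and overlapping idmap ranges. The script below is an added example, not part of the original post; the helper functions are pure sh/awk and run against any file, while the live checks (ntpdate, testparm, net ads testjoin, wbinfo) only run when invoked with "live" and assume the DC name mydc.mydomain.com from the smb.conf above.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity checks for the AD join.
# Assumed DC hostname: mydc.mydomain.com (the name used in the post's smb.conf).

# Kerberos rejects tickets when client and DC clocks differ by more than the
# default 300 s clock skew. Returns 0 when |skew_seconds| <= limit.
skew_ok() {
    skew=$1
    limit=${2:-300}
    skew=${skew#-}          # drop the sign
    skew=${skew%%.*}        # drop the fractional part ("0.123" -> "0")
    [ -n "$skew" ] && [ "$skew" -le "$limit" ]
}

# kern.maxfiles must be at least 16384 for smbd/winbindd, as the post states.
# Reads the last kern.maxfiles=N assignment from a sysctl.conf-style file.
maxfiles_ok() {
    v=$(sed -n 's/^[[:space:]]*kern\.maxfiles=\([0-9]*\).*/\1/p' "$1" | tail -1)
    [ -n "$v" ] && [ "$v" -ge "${2:-16384}" ]
}

# Typographic quotes pasted from a web page silently break rc.conf and
# smb.conf values. Returns 0 when the file contains none of them.
no_smart_quotes() {
    ! grep -qF -e '“' -e '”' -e '‘' -e '’' "$1"
}

# In Samba 3.6 the default (*) idmap range and each domain's range must be
# disjoint or winbind hands out conflicting UIDs/GIDs. Returns 0 when every
# "idmap config X : range = LO-HI" line in the file is disjoint from the others.
idmap_ranges_disjoint() {
    awk -F '=' '
        /^[[:space:]]*idmap config .*:[[:space:]]*range[[:space:]]*=/ {
            gsub(/[[:space:]]/, "", $2)
            split($2, r, "-")
            n++; lo[n] = r[1] + 0; hi[n] = r[2] + 0
        }
        END {
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (lo[i] <= hi[j] && lo[j] <= hi[i]) exit 1
            exit 0
        }' "$1"
}

# Live checks against the real system; run as: sh adcheck.sh live
if [ "${1:-}" = "live" ]; then
    set -e
    no_smart_quotes /etc/rc.conf
    no_smart_quotes /usr/local/etc/smb.conf
    maxfiles_ok /etc/sysctl.conf
    idmap_ranges_disjoint /usr/local/etc/smb.conf
    # ntpdate -q reports the offset without stepping the clock
    off=$(ntpdate -q mydc.mydomain.com | sed -n 's/.*offset \([-0-9.]*\).*/\1/p' | tail -1)
    skew_ok "$off"
    /usr/local/bin/testparm -s >/dev/null
    net ads testjoin
    wbinfo -t
    echo "all checks passed"
fi
```

Run the file checks first, fix anything they flag, then run with "live" once the box is joined; `net ads testjoin` and `wbinfo -t` confirm the machine account and the winbind trust secret rather than just that the daemons started.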

Dell D630 FreeBSD 9 Build

Here's the build of my latest system. I won't go into installation or network configuration as that's very well documented in the handbook.

# I chose the 64bit install for my D630
Freebsd 9 installation DVD x64 iso (I pxeboot the install from a linux server)
# I select source (I need it to compile certain ports I use)
Choose SRC as an additional installation option

# Create your local user(s)
Set user preferences up

# Get the ports tree current
portsnap fetch extract

# Later I just run this to maintain ports as my regular user
sudo portsnap fetch update

Reboot

#login as root

# If you want your user to be able to reboot, replace user_name with your username
pw groupmod operator -m user_name

# I use two port management tools portmaster and portupgrade

cd /usr/ports/ports-mgmt/portmaster && make install clean
cd /usr/ports/ports-mgmt/portupgrade && make install clean

# I’m partial to sudo
portinstall sudo
add your user to the sudoers file

# logout as root
# I log back in as my regular user because I reference my home directory for some configuration files

# I use portmaster to configure xorg-server
sudo portmaster x11-servers/xorg-server

# I configure HAL, just in case
select HAL option
I remove support from vid drivers that aren’t relevant to my laptop
Enabled libsigsegv for diagnostics
the rest of the options for the port and dependencies I leave the defaults

# Move and configure defaults for portmaster ( I do this after xorg so I can configure some options rather than running configure)
sudo cp /usr/local/etc/portmaster.rc.sample /usr/local/etc/portmaster.rc

# I use vi to edit files, so use your preferred editor to edit the above file; make sure the options between Start and End exist and are uncommented
## Start
# Always delete stale distfiles without prompting (-d)
ALWAYS_SCRUB_DISTFILES=dopt
# Be verbose (-v)
PM_VERBOSE=vopt
# Install packages for build-only dependencies (--packages-build)
PM_PACKAGES_BUILD=pmp_build
# Delete build-only dependencies when finished (--delete-build-only)
PM_DEL_BUILD_ONLY=pm_dbo
# Suppress the build confirmation message (--no-confirm)
PM_NO_CONFIRM=pm_no_confirm
## End

# For better desktop performance edit /boot/loader.conf
Edit loader.conf to have kern.maxfiles="25000"

# I always get errors with portmaster with one or more of these so I’ve switched my install at this step to use portinstall and install multiple ports at once
sudo portinstall -v xauth xinit xorg-fonts webfonts

# configure  Xorg
sudo Xorg -configure
sudo cp xorg.conf.new /etc/X11/xorg.conf
# After several attempted installs on two different laptops I have come to just add this to the ServerLayout section of the xorg.conf as the final option
Option "AllowEmptyInput" "Off"
# Add the path for webfonts in the Files section
FontPath "/usr/local/lib/X11/fonts/webfonts/"

# If you have an nvidia card
sudo portinstall nvidia-driver
sudo portinstall nvidia-xconfig
sudo nvidia-xconfig

# If the nvidia card fails to load due to error 6 add this to your loader.conf
# (the shell opens a >> redirection as your own user before sudo runs, so pipe through sudo tee instead)
echo 'debug.acpi.disabled="sysres"' | sudo tee -a /boot/loader.conf
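Both loader.conf edits above (kern.maxfiles and debug.acpi.disabled) are one-line appends to a root-owned file, and a plain `sudo echo ... >> file` fails because the redirection is opened by the unprivileged shell. The helper below is an added example, not from the original post: it writes NAME="VALUE" through sudo and replaces any previous assignment, so running it twice does not leave duplicate lines. SUDO is an assumed override variable (set it to an empty string when editing a file you own).

```shell
#!/bin/sh
# Added example, not part of the original post: idempotent NAME="VALUE" edits
# for /boot/loader.conf and similar root-owned files. SUDO="" disables sudo.
: "${SUDO:=sudo}"

# Regex-escape the dots in a variable name such as kern.maxfiles
_esc() { printf '%s' "$1" | sed 's/\./\\./g'; }

# set_conf_var NAME VALUE FILE: writes NAME="VALUE", replacing an existing
# assignment of NAME so repeated runs do not accumulate duplicate lines.
set_conf_var() {
    name=$1 value=$2 file=$3
    tmp=$(mktemp) || return 1
    if [ -f "$file" ]; then
        # keep every line except a previous assignment of this variable
        grep -v "^[[:space:]]*$(_esc "$name")=" "$file" > "$tmp" || true
    fi
    printf '%s="%s"\n' "$name" "$value" >> "$tmp"
    # the rewrite runs under sudo, so the root-owned target can be replaced
    $SUDO sh -c "cat '$tmp' > '$file'"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# get_conf_var NAME FILE: prints the value of the last assignment of NAME,
# with or without surrounding double quotes
get_conf_var() {
    sed -n "s/^[[:space:]]*$(_esc "$1")=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$2" | tail -1
}

# Apply the post's two loader.conf settings; run as: sh loaderconf.sh apply
if [ "${1:-}" = "apply" ]; then
    set_conf_var kern.maxfiles 25000 /boot/loader.conf
    set_conf_var debug.acpi.disabled sysres /boot/loader.conf
    get_conf_var kern.maxfiles /boot/loader.conf
fi
```

The dots in sysctl-style names are escaped before they reach grep and sed, otherwise `kern.maxfiles` would also match a hypothetical `kernXmaxfiles` line.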

# I like the configurability of fluxbox and how lightweight it is so
sudo portinstall fluxbox
Choose imlib2 and PDF options

# I use tint2 as a toolbar and wbar as a launcher but I’ve been working more with the menu on this build so I’m not starting it at startup for this build
sudo portinstall tint2 wbar

# I like these two terminals
sudo portinstall xterm rxvt-unicode

# I’m using devd automounting even though I have hal enabled
sudo portinstall automount

# My preferred browsers
sudo portmaster www/firefox
sudo portinstall www/chromium
Add gstreamer
Add ffmpeg
Add lame alsa

# install pidgin for IM
sudo portinstall pidgin

#setup directory for tint2
mkdir -p ~/.config/tint2
cp /usr/local/share/examples/tint2/tint2rc ~/.config/tint2/tint2rc

# I find it easier to create the fluxbox dir, then launch fluxbox and shut it down so it creates the default files for me

#First create the dir
mkdir ~/.fluxbox

# Create the startup file. I've found it to be either .fluxbox/startup or ~/.xinitrc; for this build I used ~/.xinitrc

# Enter this as the last line in ~/.xinitrc
exec fluxbox

# launch X and as soon as it starts right click and exit fluxbox
startx

# Edit ~/.fluxbox/init and find session.screen0.toolbar.visible: true if it does not exist create the entry and set it to false

# To receive notifications I install
sudo portinstall notification-daemon

# To monitor cpu, battery and network these are nice lightweight apps and uses the slit
sudo portinstall wmnd wmcpuload wmbsdbatt

# I like to use atop for monitoring system performance
sudo portinstall atop

# To set your desktop image, edit .fluxbox/init; change the screen number to change the wallpaper on that desktop (default is 0-3)
session.screen0.rootCommand:  fbsetbg -f ~/daemonsunset.jpg

# I edit ~/.xinitrc and add the programs I want to start at launch; these all must come before the command exec fluxbox. I start tint, wmnd for wlan0 (you launch one per interface), cpuload, the terminal daemon and the notification daemon; my current config is between Start and End

##Start
( sleep 2 && tint2 ) &
wmnd -i wlan0 &
wmcpuload &
wmbsdbatt -b &
urxvtd -q -f -o &
/usr/local/libexec/notification-daemon &
exec fluxbox
##End

# I use the sample config for automount
sudo cp /usr/local/etc/automount.conf.sample /usr/local/etc/automount.conf

# To take screenshots I use scrot because it offers some nice options
sudo portinstall scrot

# Set up a screensaver
sudo portinstall xscreensaver

# Reboot, log back in as your user and edit .fluxbox/menu. There should already be a default from fluxbox; there are many options you can use, but for now I'll just set some basic favorites at the top and change the title of my menu. I'll eventually add IRC, so I'm adding it now

[begin] (TheMadIndian’s Fluxbox Menu)
[exec] (Firefox) {firefox} </usr/local/lib/firefox/chrome/icons/default/default48.png>
[exec] (Chrome) {/usr/local/bin/chrome} </usr/local/share/chromium/product_logo_48.png>
[exec] (Terminal) {$TERM}
[exec] (Irc) {xchat}
[exec] (Lock screen) {xscreensaver-command -lock}
[separator ]

# save the file and startx

I end up with a simply configured fluxbox. I'll add more apps, and I may update the build again, but with the rdesktop port I have been working effectively all day on this configuration administering Linux, FreeBSD and Windows servers.


Graphing FreeNAS with routers2.cgi

While the web UI provides graphing, I found it lacking for my needs and inconsistent for historical use, as graphs have a tendency to disappear during upgrades.

I have routers2.cgi running with mrtg and rrdtool on one of my FreeBSD servers.
Before running cfgmaker_host from my monitoring server I wanted more than network I/O, and that requires some work first on FreeNAS.

First configure snmp

Then you'll want to set your info, change the community string to something other than public, and add the auxiliary parameters; this will allow routers2 to pull all the disk, process, CPU, memory, load and network stats.

Auxiliary parameters to add:
begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
begemotSnmpdModulePath."ucd" = "/usr/local/lib/snmp_ucd.so"

Once that's done you can run cfgmaker_host from the monitoring server; wait 10 minutes and you should start getting your graphs.

Meet TheMadIndian

Well this is my first official blog, I’ve got a few write ups I’ll be putting up over the next few days.

A little background about me, I’ve been an IT professional officially since 1995, unofficially I’ve been around computers my whole life and have been writing simple DOS programs since DOS 2.2.  I was a die hard Windows guy until 2007 where I finally succumbed to Linux out of need.  I’ve never looked back, I’ve fallen in love with linux especially Fedora and Slackware.  My posts will be mostly centered around Windows, Linux and FreeBSD. In my day to day life I run 3 infrastructure teams. Information Security, Operations and IT Support.  I look forward to hearing from you.