[BlueOnyx:00318] Re: Customers unable to use mail services
Greg Kuhnert
greg.kuhnert at theanchoragesylvania.com
Mon Jan 19 16:24:19 -05 2009
Try http://nuonce.gknsonline.com/bq/system-auth.txt
Howie Dines wrote:
> http://www.nuonce.net/bq/system-auth.txt
>
> is not there !
>
> Howie
>
> ________________________________
>
> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it] On
> Behalf Of Jean Rousseau Franco
> Sent: 19 January 2009 19:50
> To: BlueOnyx General Mailing List
> Subject: [BlueOnyx:00311] Re: Customers unable to use mail services
>
>
> Convert your system back to flat passwd files
> Purpose:
> The authentication mechanism on BlueQuartz + CentOS can cause your user
> database to become corrupted. Changing back to a flat file authentication
> should fix this problem.
>
> *** NOTICE ***
>
> By following this procedure, you do incur a chance of something awful
> happening. It is advised that you ONLY do this if your very comfortable with
> Linux & BlueQuartz. It is also highly advised to do this only if you have a
> full system back BEFORE trying it!!!
>
> Only YOU will be held responsible if anything bad happens. These steps were
> typed as they were tried and verified before being added.
>
> You have been warned!
>
> *** NOTICE ***
>
> 1. Stop ALL running Processes.
>
> The following daemons need to be shutdown. They use system
> authentication and should be properly shutdown to avoid corrupting the
> password database. If you installed any application that authenticates
> against the user database, please shut that down as well!
>
> /sbin/service crond stop
> /sbin/service admserv stop
> /sbin/service httpd stop
> /sbin/service xinetd stop
> /sbin/service dovecot stop
> /sbin/service sendmail stop
> /usr/bin/killall -9 sendmail
> /sbin/service saslauthd stop
> /sbin/service cced.init stop
>
> After EVERYTHING is stopped running, issue the following command.
> /sbin/service dbrecover stop
> 2. MAKE Backups!!!!
>
> /bin/mkdir -p /SYSTEM-BACKUP
> cd /var/db/
> /bin/tar cfvpz /SYSTEM-BACKUP/var-db.tgz *
> /bin/cp /etc/passwd /SYSTEM-BACKUP/
> /bin/cp /etc/shadow /SYSTEM-BACKUP/
> /bin/cp /etc/group /SYSTEM-BACKUP/
> /bin/cp /usr/sausalito/perl/Base/User.pm /SYSTEM-BACKUP/
> /bin/cp /usr/sausalito/perl/Base/Group.pm /SYSTEM-BACKUP/
> /bin/cp /etc/pam.d/system-auth /SYSTEM-BACKUP/
> /bin/cp /etc/sysconfig/saslauthd /SYSTEM-BACKUP/saslauthd
> /bin/cp /etc/nsswitch.conf /SYSTEM-BACKUP/
> 3. Lets "unconvert" the database back to flat files.
>
> cd /var/db
> #### Watch Line Wrap -- Next 3 lines ####
>
> /usr/bin/makedb -u passwd.db | /bin/grep -v "^=" | /usr/bin/perl -p -e
> "s/(^\..*?) //" >> /etc/passwd
>
> /usr/bin/makedb -u shadow.db | /usr/bin/perl -p -e "s/(^\..*?) //" >>
> /etc/shadow
>
> /usr/bin/makedb -u group.db | /bin/grep -v "^=" | /usr/bin/perl -p -e
> "s/(^\..*?) //" >> /etc/group
>
> 4. Clean up the old password & shadow database now
>
> cd /var/db
> /bin/touch passwd shadow group
> /usr/bin/makedb -o passwd.db passwd
> /usr/bin/makedb -o shadow.db shadow
> /usr/bin/makedb -o group.db group
> /bin/rm -f passwd shadow group
> 5. Verify they are indeed blank to avoid any issues.
>
> cd /var/db
> /usr/bin/makedb -u passwd.db
> /usr/bin/makedb -u shadow.db
> /usr/bin/makedb -u group.db
> 6. Make a change to the BlueQuartz backend so that it uses /etc/passwd &
> /etc/shadow instead
>
> cd /usr/sausalito/perl/Base/
> /usr/bin/pico User.pm
>
> Search for:
> sub useradd
>
> Two lines below that, replace:
> return _internal_useradd([PWDB_UNIXDB, PWDB_SHADOWDB], @_);
> with:
> return _internal_useradd([PWDB_UNIX, PWDB_SHADOW], @_);
>
> Save the file, and exit it.
> 7. Make a change to the BlueQuartz backend so that it uses /etc/group
> instead!
>
> cd /usr/sausalito/perl/Base/
> /usr/bin/pico Group.pm
>
> Search for:
> sub groupadd
>
> Two lines below that, replace:
> return _internal_groupadd([PWDB_UNIXDB, PWDB_SHADOWDB], @_);
> with:
> return _internal_groupadd([PWDB_UNIX, PWDB_SHADOW], @_);
>
> Save the file, and exit it.
> 8. Change nsswitch.conf so it won't look at the old database
>
> /usr/bin/perl -pi -e "s#db files#files#" /etc/nsswitch.conf
> 9. Change saslauthd so it won't look at the old database
>
> /usr/bin/perl -pi -e "s#^MECH=pam#MECH=shadow#"
> /etc/sysconfig/saslauthd
> 10. Rebuild PAM's system-auth configuration
>
> cd /etc/pam.d/
> /bin/mv system-auth system-auth.backup
> /usr/bin/wget http://www.nuonce.net/bq/system-auth.txt
> /bin/mv system-auth.txt system-auth
> 11. Start the processes back up.
>
> /sbin/service dbrecover start
> /sbin/service xinetd start
> /sbin/service dovecot start
> /sbin/service saslauthd start
> /sbin/service sendmail start
> /sbin/service cced.init start
> /sbin/service admserv start
> /sbin/service httpd start
> /sbin/service crond start
> 12. Now that all services should be running again, go ahead and test
> functionality.
>
> Everything should work with out any issues.
> 13. IF YOU RUN INTO ISSUES!!!!
>
> Stop all Services, Do Step #1
>
> Restore the backup
> cd /var/db
> /bin/tar xfvpz /SYSTEM-BACKUP/var-db.tgz
> /bin/cp /SYSTEM-BACKUP/passwd /etc/passwd
> /bin/cp /SYSTEM-BACKUP/shadow /etc/shadow
> /bin/cp /SYSTEM-BACKUP/group /etc/group
> /bin/cp /SYSTEM-BACKUP/User.pm /usr/sausalito/perl/Base/User.pm
> /bin/cp /SYSTEM-BACKUP/Group.pm /usr/sausalito/perl/Base/Group.pm
> /bin/cp /SYSTEM-BACKUP/system-auth /etc/pam.d/system-auth
> /bin/cp /SYSTEM-BACKUP/saslauthd /etc/sysconfig/saslauthd
> /bin/cp /SYSTEM-BACUP/nsswitch.conf /etc/nsswitch.conf
>
> Start all Services, Do Step #11
>
> Alex Moen escreveu:
>
> Hmmm... File not found...
>
> Must have been deleted. But I sure would like a copy if you still
> have it.
>
> Thanks,
>
> Alex
>
> Lucas Peyatt - Ohio Web Hosting & Development wrote:
>
>
> When I did the conversion I saved the article as a PDF, I
> have put it on my
> server.
>
> http://bluequartz.ohiowebhosting.net/pdfs/pwdb-to-shadow.pdf
>
> On Mon, 19 Jan 2009 11:15:14 -0600, Alex Moen wrote
>
>
> Hi all,
>
> Have not yet upgraded to BlueOnyx, planning to as
> soon as time allows
> and I can test it out.
>
> Until then, we have a NuOnce BlueCentOS server that
> is experiencing
> the "check pass; user unknown" and "PAM_pwdb[22983]:
> get passwd; pwdb:
> structure is no longer valid" errors. The fix,
> according to Google,
> was at
> http://www.nuonce.net/bq-howto.php?action=view&id=23... which
> is no longer in existence. I realize that this is a
> mailing list for
> BlueOnyx, and I apologize for the off-topic post,
> but this seems to be
> where the expertise for BlueCentOS has moved to
> since the other list
> is off-air.
>
> Does anyone have an answer for this? We have a
> couple of those really
> impatient customers that are nasty if things don't
> go perfectly right
> on this server, and we had to reboot it twice last
> week to get this
> problem solved. Unfortunately, we don't find out
> about the problem
> until they are upset and worked into a frenzy.
>
> TIA,
>
> Alex
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>
>
> --
> Lucas Peyatt
> Ohio Web Hosting & Design
> lucas at ohiowebhosting.net
> www.ohiowebhosting.net
> 937.969.4476 dayton
> 614.441.8169 columbus
> 513.258.2376 cincinnati
> 206.350.1292 facsimile
>
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>
>
>
>
More information about the Blueonyx
mailing list