<HTML>
<HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="OPENWEBMAIL" name=GENERATOR>
</HEAD>
<BODY bgColor=#ffffff>
OH! I get it now - you attempted to convert the BlueQuartz server from using databases for user data/authentication to using the old method of flat-files (/etc/passwd & /etc/shadow).
<br />
<br />I've converted two machines in the past that were live machines with active sites. Both worked for me. But in both cases - I made sure I had a positive backup (by taking out one of the two mirrored drives). I did the conversion and when I'd confirmed everything was operational again - I did a complete wipe of the 'out-of-box' drive and put it back in. The system rebuilt the "new" drive in the mirror RAID and everything was happy in the world.
<br />
<br />I've also converted every new BQ server I've built for over a year. Just once, I had a problem. No authentications. Luckily, it was a new box. I just reloaded and did the conversion again - success.
<br />
<br />
<br />OH HEY!!! I bet I know what your problem is!!!
<br />
<br />For some unknown reason - when Brian decided to close up shop on Nuonce, he nuked a bunch of files on his server and put in a disclaimer page about Nuonce's closure. I first ran into this about six months ago - when that new server wouldn't authenticate after the conversion. I started looking through the configuration files. What I found was Brian's procedure in step 10:
<br />
<br /><font size="2">>
10. Rebuild PAM's system-auth configuration
<br />>
<br />>
cd /etc/pam.d/
<br />>
/bin/mv system-auth system-auth.backup
<br />>
/usr/bin/wget <a target="_blank" href="http://www.nuonce.net/bq/system-auth.txt">http://www.nuonce.net/bq/system-auth.txt</a>
<br />>
/bin/mv system-auth.txt system-auth</font>
<br />
<br />But, if you try to pull that file - http://www.nuonce.net/bq/system.auth.txt, all you'll get is that disclaimer about Nuonce closing. It's not the system authentication file that used to be there. LUCKILY, when it happened to me - I had a copy of that file on another server. Since then, I've built half a dozen BQ servers and converted their authentication system to use flat-files. In each case, I've used the file I already had in place of that Nuonce website file. And every one of them has worked (including two new machines loaded/converted just a week ago).
<br />
<br />I could give you the location on my server to get that file. But it's probably easier to just put the data in here. Go to the /etc/pam.d directory. Edit the file "system-auth". You'll probably find that damn Nuonce disclaimer. Delete all the data in that file and put in:
<br />
<pre>#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so

password required /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
</pre>
<br />Save the file and reboot. Everything should be right with the world now.
<br />
<br />Again - that is PROBABLY the difficulty if you just followed the Nuonce procedure to convert a BlueQuartz server from database authentication to flat-file authentication.
<br />
<br />Good luck.
<br />
<br />
<br />
<br />Chuck
<br /><font size="2"><b>---------- Original Message
-----------</b>
<br />
From: "Richard Sidlin" &lt;richard@sidlin.co.uk&gt;
<br />
To: &lt;cobaltfacts@virtbiz.com&gt;, "BlueOnyx General Mailing List"
&lt;blueonyx@blueonyx.it&gt;
<br />
Sent: Sun, 21 Jun 2009 18:12:00 +0100
<br />
Subject: [BlueOnyx:01461] Re: SSH Closes Connection
<br />
<br />> Thanks Chris. It is in a remote datacentre but it will probably mean a
trip
<br />>
to go there tomorrow, it's
<br />>
only about 45 mins away. Definitely the right admin password as it logs into
<br />>
the admin GUI OK. I have changed the password but that makes no difference.
<br />>
It kicks the connection out as soon as you hit enter after entering the
<br />>
password. Once I get there tomorrow, what should I look at?
<br />>
<br />>
As I mentioned, it's the same with telnet and SCP. Doesn't get as far as
<br />>
saying access denied or wrong password. One thing that may have been an
<br />>
issue, we had a general problem with authentication last week and I followed
<br />>
the Nuonce procedure (as below). Do you think that that may have caused the
<br />>
problem?
<br />>
<br />>
________________
<br />>
<br />>
1. Stop ALL running Processes.
<br />>
<br />>
The following daemons need to be shutdown. They use system
<br />>
authentication and should be properly shutdown to avoid corrupting the
<br />>
password database. If you installed any application that authenticates
<br />>
against the user database, please shut that down as well!
<br />>
<br />>
/sbin/service crond stop
<br />>
/sbin/service admserv stop
<br />>
/sbin/service httpd stop
<br />>
/sbin/service xinetd stop
<br />>
/sbin/service dovecot stop
<br />>
/sbin/service sendmail stop
<br />>
/usr/bin/killall -9 sendmail
<br />>
/sbin/service saslauthd stop
<br />>
/sbin/service cced.init stop
<br />>
<br />>
After EVERYTHING is stopped running, issue the following
command.
<br />>
/sbin/service dbrecover stop
<br />>
2. MAKE Backups!!!!
<br />>
<br />>
/bin/mkdir -p /SYSTEM-BACKUP
<br />>
cd /var/db/
<br />>
/bin/tar cfvpz /SYSTEM-BACKUP/var-db.tgz *
<br />>
/bin/cp /etc/passwd /SYSTEM-BACKUP/
<br />>
/bin/cp /etc/shadow /SYSTEM-BACKUP/
<br />>
/bin/cp /etc/group /SYSTEM-BACKUP/
<br />>
/bin/cp /usr/sausalito/perl/Base/User.pm /SYSTEM-BACKUP/
<br />>
/bin/cp /usr/sausalito/perl/Base/Group.pm /SYSTEM-BACKUP/
<br />>
/bin/cp /etc/pam.d/system-auth /SYSTEM-BACKUP/
<br />>
/bin/cp /etc/sysconfig/saslauthd /SYSTEM-BACKUP/saslauthd
<br />>
/bin/cp /etc/nsswitch.conf /SYSTEM-BACKUP/
<br />>
3. Let's "unconvert" the database back to flat files.
<br />>
<br />>
cd /var/db
<br />>
#### Watch Line Wrap -- Next 3 lines ####
<br />>
<br />>
/usr/bin/makedb -u passwd.db | /bin/grep -v "^="
| /usr/bin/perl -p -e
<br />>
"s/(^\..*?) //" >> /etc/passwd
<br />>
<br />>
/usr/bin/makedb -u shadow.db | /usr/bin/perl -p -e
"s/(^\..*?) //" >>
<br />>
/etc/shadow
<br />>
<br />>
/usr/bin/makedb -u group.db | /bin/grep -v "^=" |
/usr/bin/perl -p -e
<br />>
"s/(^\..*?) //" >> /etc/group
<br />>
<br />>
4. Clean up the old password & shadow database now
<br />>
<br />>
cd /var/db
<br />>
/bin/touch passwd shadow group
<br />>
/usr/bin/makedb -o passwd.db passwd
<br />>
/usr/bin/makedb -o shadow.db shadow
<br />>
/usr/bin/makedb -o group.db group
<br />>
/bin/rm -f passwd shadow group
<br />>
5. Verify they are indeed blank to avoid any issues.
<br />>
<br />>
cd /var/db
<br />>
/usr/bin/makedb -u passwd.db
<br />>
/usr/bin/makedb -u shadow.db
<br />>
/usr/bin/makedb -u group.db
<br />>
6. Make a change to the BlueQuartz backend so that it uses /etc/passwd
&
<br />>
/etc/shadow instead
<br />>
<br />>
cd /usr/sausalito/perl/Base/
<br />>
/usr/bin/pico User.pm
<br />>
<br />>
Search for:
<br />>
sub useradd
<br />>
<br />>
Two lines below that, replace:
<br />>
return _internal_useradd([PWDB_UNIXDB, PWDB_SHADOWDB], @_);
<br />>
with:
<br />>
return _internal_useradd([PWDB_UNIX, PWDB_SHADOW], @_);
<br />>
<br />>
Save the file, and exit it.
<br />>
7. Make a change to the BlueQuartz backend so that it uses /etc/group
<br />>
instead!
<br />>
<br />>
cd /usr/sausalito/perl/Base/
<br />>
/usr/bin/pico Group.pm
<br />>
<br />>
Search for:
<br />>
sub groupadd
<br />>
<br />>
Two lines below that, replace:
<br />>
return _internal_groupadd([PWDB_UNIXDB, PWDB_SHADOWDB],
@_);
<br />>
with:
<br />>
return _internal_groupadd([PWDB_UNIX, PWDB_SHADOW], @_);
<br />>
<br />>
Save the file, and exit it.
<br />>
8. Change nsswitch.conf so it won't look at the old database
<br />>
<br />>
/usr/bin/perl -pi -e "s#db files#files#"
/etc/nsswitch.conf
<br />>
9. Change saslauthd so it won't look at the old database
<br />>
<br />>
/usr/bin/perl -pi -e "s#^MECH=pam#MECH=shadow#"
<br />>
/etc/sysconfig/saslauthd
<br />>
10. Rebuild PAM's system-auth configuration
<br />>
<br />>
cd /etc/pam.d/
<br />>
/bin/mv system-auth system-auth.backup
<br />>
/usr/bin/wget <a target="_blank" href="http://www.nuonce.net/bq/system-auth.txt">http://www.nuonce.net/bq/system-auth.txt</a>
<br />>
/bin/mv system-auth.txt system-auth
<br />>
11. Start the processes back up.
<br />>
<br />>
/sbin/service dbrecover start
<br />>
/sbin/service xinetd start
<br />>
/sbin/service dovecot start
<br />>
/sbin/service saslauthd start
<br />>
/sbin/service sendmail start
<br />>
/sbin/service cced.init start
<br />>
/sbin/service admserv start
<br />>
/sbin/service httpd start
<br />>
/sbin/service crond start
<br />>
12. Now that all services should be running again, go ahead and test
<br />>
functionality.
<br />>
<br />>
Everything should work without any issues.
<br />>
<br />>
From: "Chris Gebhardt - VIRTBIZ Internet"
&lt;cobaltfacts@virtbiz.com&gt;
<br />>
To: "BlueOnyx General Mailing List" &lt;blueonyx@blueonyx.it&gt;
<br />>
Sent: Sunday, June 21, 2009 4:11 PM
<br />>
Subject: [BlueOnyx:01460] Re: SSH Closes Connection
<br />>
<br />>
> Richard Sidlin wrote:
<br />>
>> Hi
<br />>
>>
<br />>
>> When I connect to my server via SSH, it asks for the login as: and when
<br />>
>> I type in the password, I get Server unexpectedly closed network
<br />>
>> connect. Actually, this is a Blue Quartz box. I have never had a
problem
<br />>
>> with this before. I have used two different usernames and both do the
<br />>
>> same and I have tried accessing it from different machines and still
the
<br />>
>> same.
<br />>
>>
<br />>
>> Access to the admin GUI is fine. I have rebooted the server but this
<br />>
>> made no difference.
<br />>
>
<br />>
> You are certain that you are using the correct usr/pwd combo?
<br />>
>
<br />>
> Here is what I would try on the chance that somebody has run passwd from
<br />>
> the CLI:
<br />>
>
<br />>
> 1) Log into GUI as admin and go to Personal Profile, Account and set a
<br />>
> new password.
<br />>
>
<br />>
> 2) Log into CLI as admin using the password you just set from the GUI.
<br />>
> That should let you in.
<br />>
>
<br />>
> 3) See if you can su - to root now using the same password.
<br />>
>
<br />>
> That ought to work. If it doesn't, I suppose you could always reboot
<br />>
> the box into single user mode and reset the password that way. If the
<br />>
> box is in a remote datacenter you can have the datacenter staff help you
<br />>
> with it or if they're like us, they can provide you with an IP-KVM so
<br />>
> that you can reboot the box and watch it go through POST and GRUB so you
<br />>
> can have virtual console access to it.
<br />>
>
<br />>
> HTH,
<br />>
> --
<br />>
> Chris Gebhardt
<br />>
> VIRTBIZ Internet Services
<br />>
> Access, Web Hosting, Colocation, Dedicated
<br />>
> <a target="_blank" href="http://www.virtbiz.com/">www.virtbiz.com</a> |
toll-free (866) 4 VIRTBIZ
<br />>
> _______________________________________________
<br />>
> Blueonyx mailing list
<br />>
> Blueonyx@blueonyx.it
<br />>
> <a target="_blank" href="http://www.blueonyx.it/mailman/listinfo/blueonyx">http://www.blueonyx.it/mailman/listinfo/blueonyx</a>
<br />>
>
<br />>
> --
<br />>
> This message has been scanned for viruses and
<br />>
> dangerous content by the Help Internet
<br />>
> MailScanner, and is believed to be clean.
<br />>
>
<br />>
<br />>
_______________________________________________
<br />>
Blueonyx mailing list
<br />>
Blueonyx@blueonyx.it
<br />>
<a target="_blank" href="http://www.blueonyx.it/mailman/listinfo/blueonyx">http://www.blueonyx.it/mailman/listinfo/blueonyx</a>
<br /><b>------- End of Original Message
-------</b>
<br />
</font>
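<br />
<br />Added example, not part of the original e-mail or of the Nuonce procedure: step 10 of the quoted procedure installs whatever wget returns as /etc/pam.d/system-auth, which is how a closure notice ended up as the PAM configuration. The sketch below checks a candidate file before it replaces the live one; validate_pam_file and install_pam_file are hypothetical helper names, and the check assumes a Red Hat style file with no @include lines.

```shell
#!/bin/sh
# Added example: sanity-check a candidate PAM file before it replaces system-auth.
# validate_pam_file and install_pam_file are hypothetical helper names.

# Return 0 only if the file looks like a complete PAM service file.
validate_pam_file() {
    f=$1
    [ -s "$f" ] || { echo "empty or missing: $f" >&2; return 1; }
    # Markup means a web page was fetched instead of a configuration file.
    if grep -Eqi '<(html|!doctype|body)' "$f"; then
        echo "looks like HTML, not a PAM file: $f" >&2
        return 1
    fi
    # Every non-blank, non-comment line must read: type control module [args]
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            t = $1; sub(/^-/, "", t)
            if (t !~ /^(auth|account|password|session)$/ || NF < 3) {
                printf("line %d is not a PAM rule: %s\n", NR, $0) > "/dev/stderr"
                bad = 1
            }
            seen[t] = 1
        }
        END {
            # A stack with a missing type can lock out every login.
            n = split("auth account password session", need, " ")
            for (i = 1; i <= n; i++)
                if (!(need[i] in seen)) {
                    printf("no %s rules found\n", need[i]) > "/dev/stderr"
                    bad = 1
                }
            exit bad + 0
        }' "$f"
}

# Install candidate $1 over target $2 only if it validates; keep a backup.
install_pam_file() {
    validate_pam_file "$1" || return 1
    if [ -e "$2" ]; then cp -p "$2" "$2.backup" || return 1; fi
    cp "$1" "$2.new" && chmod 644 "$2.new" && mv "$2.new" "$2"
}

# Usage: install_pam_file ./system-auth.txt /etc/pam.d/system-auth
```

Keep a root shell open on the console while testing a new login after the swap, so a bad stack can be reverted from system-auth.backup.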
</BODY>
</HTML>