Monthly Archives: May 2014

Ubuntu: AD authentication after system upgrade

After a System upgrade from Ubuntu Precise Pangolin to Trusty Tahr I wasn’t able to connect to the server using SMB. The server is part of a active directory. Reading the documentation through, I figured out that wbinfo worked flawless, but the user was not found when using id.

$ wbinfo -u
my.user
guest
...

$ id my.user
id: my.user: no such user

/etc/nsswitch.conf need be configured right (winbind must be configured), but it was in my case:

passwd: compat winbind
group: compat winbind
shadow: compat
...

Using strace, I figured out that libnss_winbind.so.2 wasn’t found by id. In the end, the solution was easy as that:

$ sudo apt-get install libnss-winbind
...
$ sudo service winbind restart
winbind stop/waiting
winbind start/running, process 3399
$ id my.user
uid=10006(my.user) gid=10002(domain user) groups=...

git send-email and SMTP with SSL

On Fedora 20, when using git send-email I always got this error:

Unable to initialize SMTP properly. Check config and use --smtp-debug. VALUES: server=my.server.com encryption=ssl hello=my.host.com port=465 at /usr/libexec/git-core/git-send-email line 1255.

Even using the suggested parameter –smtp-debug 1 did not help, I get the exactly same output with that parameter. In the end, it turned out the self-signed certificate is not accepted right away (which of course is good) but lead to no specific error message (which is not so good). However, using the parameter –smtp-ssl-cert-path “” disables certificate verification, which already allowed me to send the e-mail.

However, one want to install the certificate in a way that its always accepted. git send-email relies on OpenSSL certificate database. In order to add an additional CA certificate one has to add it to /etc/pki/tls/certs and create a symlink to its hash.

$ curl http://url.to/root.crt -o myroot.crt
$ openssl x509 -noout -in myroot.crt -fingerprint

If you are paranoid, and you should be nowadays, verify your fingerprint at this point 🙂

# mv myroot.crt /etc/pki/tls/certs
# cd /etc/pki/tls/certs
# openssl x509 -in myroot.crt -out myroot.pem -outform PEM
# ln -s myroot.pem `openssl x509 -hash -noout -in myroot.pem`.0

Update:
This works also for Arch Linux, however the OpenSSL certificates are located under /etc/ssl/certs/. Also for SMTP with SSL to work, the following packages are needed

pacman -S perl-net-smtp-ssl perl-authen-sasl