Sethos II's questions

我尝试使用 sysprep 准备 Windows 10 21H1 安装以进行映像。我激活了 OOBE 并进行了概括。Sysprep 说它是成功的，但它运行得很快，并且日志文件 ( setupact.log) 突然结束，见下文。

问题是，在重新启动后，我没有看到 OOBE 首次运行设置的东西，而只是看到了“其他用户”的登录屏幕，我无法在那里登录。

panther 目录有一个空目录setuperr.log，setupact.log包含两个警告，没有错误，最后有很多这样的条目：

...
2021-08-12 10:07:51, Warning                      TapiSysPrep.dll:RetainTapiLocations:RegQueryValueEx() returned 2
...
2021-08-12 10:08:15, Warning               SYSPRP SPPNP: Failed to configure oem31.inf (fn.inf). Err = 0x430
...
2021-08-12 10:08:19, Info                  SYSPRP SPPNP: Configured oem53.inf (wiman.inf).
2021-08-12 10:08:19, Info                  SYSPRP SPPNP: Configured oem54.inf (qmuxmdm.inf).

我有一个现有的 slurm 集群启动并运行，但截至今天没有更改配置，当我运行某些sacctmgr命令并slurmdbd崩溃时出现错误：

$ sacctmgr list associations
sacctmgr: error: slurm_persist_conn_open_without_init: failed to open persistent connection to slurm.domain.com:6819: Connection refused
sacctmgr: error: slurmdbd: Getting response to message type 1410
sacctmgr: error: slurmdbd: DBD_GET_ASSOCS failure: Connection refused
 Error with request: Connection refused

节目systemctl status：

Jul 03 10:01:46 slurm systemd[1]: slurmdbd.service: Main process exited, code=killed, status=11/SEGV
Jul 03 10:01:46 slurm systemd[1]: slurmdbd.service: Failed with result 'signal'.

slurmdbd.log 说：

[2020-07-03T10:01:45.816] debug2: Opened connection 9 from 127.0.0.1
[2020-07-03T10:01:45.817] debug:  REQUEST_PERSIST_INIT: CLUSTER:slurmcluster VERSION:8192 UID:0 IP:127.0.0.1 CONN:9
[2020-07-03T10:01:45.817] debug2: acct_storage_p_get_connection: request new connection 1
[2020-07-03T10:01:45.861] debug2: DBD_FINI: CLOSE:0 COMMIT:0
[2020-07-03T10:01:45.862] debug4: got 0 commits
[2020-07-03T10:01:45.949] debug2: DBD_GET_ASSOCS: called
[2020-07-03T10:01:45.950] debug4: 9(as_mysql_assoc.c:2032) query
call get_parent_limits('assoc_table', 'root', 'slurmcluster', 0); select @par_id, @mj, @msj, @mwpj, @mtpj, @mtpn, @mtmpj, @mtrm, @def_qos_id, @qos, @delta_qos;

但是其他命令有效（崩溃后需要重新启动 slurmdbd）：

$ sacctmgr show cluster
   Cluster     ControlHost  ControlPort   RPC     Share GrpJobs       GrpTRES GrpSubmit MaxJobs       MaxTRES MaxSubmit     MaxWall                  QOS   Def QOS
---------- --------------- ------------ ----- --------- ------- ------------- --------- ------- ------------- --------- ----------- -------------------- ---------
slurmclus+       127.0.0.1         6817  8192         1                                                                                           normal

我可以连接到数据库并执行命令。另外，我可以通过telnet slurm.domain.com 6819.

我正在使用标准 Ubuntu 18.04 存储库中的 slurm 17.11.2 和 MySQL 5.7。

我尝试slurmdbd从标准存储库（版本：）在 Ubuntu 16.04 上安装会计15.08.7-1build1。

以下是命令：

$ sudo apt-get install mysql-server
$ sudo mysql
> create user 'slurm'@'localhost' identified by '123456';
> grant all on *.* TO 'slurm'@'localhost' identified by '123456' with grant option;
> create database slurm_acct_db;
> flush privileges;
> exit
$ sudo apt-get install slurmdbd
$ sudo vi /etc/slurm-llnl/slurmdbd.conf
$ cat /etc/slurm-llnl/slurmdbd.conf
AuthType=auth/munge
AuthInfo=/var/run/munge/munge.socket.2
DbdHost=localhost
DebugLevel=debug5
StorageHost=localhost
StorageLoc=slurm_acct_db
StoragePass=123456
StorageType=accounting_storage/mysql
StorageUser=slurm
LogFile=/var/log/slurm-llnl/slurmdbd.log
PidFile=/var/run/slurm-llnl/slurmdbd.pid
SlurmUser=slurm

但是启动slurmdbd失败：

$ sudo systemctl start slurmdbd.service
Job for slurmdbd.service failed because the control process exited with error code. See "systemctl status slurmdbd.service" and "journalctl -xe" for details.
$ systemctl status slurmdbd.service
● slurmdbd.service - Slurm DBD accounting daemon
   Loaded: loaded (/lib/systemd/system/slurmdbd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Di 2018-02-06 08:42:59 CET; 21s ago
  Process: 5881 ExecStart=/usr/sbin/slurmdbd $SLURMDBD_OPTIONS (code=exited, status=1/FAILURE)

Feb 06 08:42:59 accslurm systemd[1]: Starting Slurm DBD accounting daemon...
Feb 06 08:42:59 accslurm systemd[1]: slurmdbd.service: Control process exited, code=exited status=1
Feb 06 08:42:59 accslurm systemd[1]: Failed to start Slurm DBD accounting daemon.
Feb 06 08:42:59 accslurm systemd[1]: slurmdbd.service: Unit entered failed state.
Feb 06 08:42:59 accslurm systemd[1]: slurmdbd.service: Failed with result 'exit-code'.
$ journalctl -xe
Feb 06 08:42:59 accslurm systemd[1]: Starting Slurm DBD accounting daemon...
-- Subject: Unit slurmdbd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit slurmdbd.service has begun starting up.
Feb 06 08:42:59 accslurm systemd[1]: slurmdbd.service: Control process exited, code=exited status=1
Feb 06 08:42:59 accslurm systemd[1]: Failed to start Slurm DBD accounting daemon.
-- Subject: Unit slurmdbd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit slurmdbd.service has failed.
-- 
-- The result is failed.

尝试使用详细输出手动执行此操作：

$ sudo -u slurm slurmdbd -Dvvv
slurmdbd: error: mysql_query failed: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ignore table cluster_table modify `creation_time` int unsigned not null, modify ' at line 1
alter ignore table cluster_table modify `creation_time` int unsigned not null, modify `mod_time` int unsigned default 0 not null, modify `deleted` tinyint default 0, modify `name` tinytext not null, modify `control_host` tinytext not null default '', modify `control_port` int unsigned not null default 0, modify `last_port` int unsigned not null default 0, modify `rpc_version` smallint unsigned not null default 0, modify `classification` smallint unsigned default 0, modify `dimensions` smallint unsigned default 1, modify `plugin_id_select` smallint unsigned default 0, modify `flags` int unsigned default 0, drop primary key, add primary key (name(20));
slurmdbd: Accounting storage MYSQL plugin failed
slurmdbd: error: Couldn't load specified plugin name for accounting_storage/mysql: Plugin init() callback failed
slurmdbd: error: cannot create accounting_storage context for accounting_storage/mysql
slurmdbd: fatal: Unable to initialize accounting_storage/mysql accounting storage plugin

所以看起来创建数据库的语法有错误？

我错过了什么？

我有一个正在运行的带有 LDAP 身份验证的 Gitlab CE 安装。现在我想根据组成员身份限制访问。

该选项user_filter似乎是可以选择的。但是，我似乎无法让任何人根据组成员身份登录。

我尝试的是这个（gitlabaccess应该被允许登录的组）：

user_filter: '(&(objectclass=group)(samaccountname=gitlabaccess))'

或者：

user_filter: '(memberOf=cn=gitlabaccess,DC=my,DC=domain,DC=com)'

该文档说明了以下内容，但它也不起作用，我不知道数字应该是什么：

user_filter: '(memberOf:1.2.840.113556.1.4.1941:=cn=gitlabaccess,DC=my,DC=domain,DC=com)'

特定用户的工作方式如下：

user_filter: '(&(objectclass=user)(samaccountname=jon.doe))'

从综合包安装的 Gitlab CE 版本 9.5.5。

如何根据 LDAP 组成员身份限制对 Gitlab 的访问？

我想通过 SNMP 监控几个服务的状态。

手册页说：

proc NAME [MAX [MIN]]
              monitors the number of processes called NAME (as reported by "/bin/ps -e") running on the local system.

所以我将这些行添加到/etc/snmp/snmpd.conf：

proc smbd
proc nfsd

但相应的 OID 仍返回零：

iso.3.6.1.4.1.2021.2.1.100.4 = INTEGER: 0
iso.3.6.1.4.1.2021.2.1.100.5 = INTEGER: 0

尽管ps -e显示smbd和nfsd处理：

> ps -e | grep "smbd\|nfsd"
 8267 ?        00:00:01 smbd
10179 ?        00:00:04 smbd
11068 ?        00:00:00 nfsd4_callbacks
11072 ?        00:12:53 nfsd
11073 ?        00:13:33 nfsd
11074 ?        00:14:35 nfsd
11075 ?        00:16:23 nfsd
11076 ?        00:21:52 nfsd
11077 ?        00:33:34 nfsd
11078 ?        00:48:10 nfsd
11079 ?        01:02:44 nfsd
15135 ?        00:00:03 smbd
15137 ?        00:00:17 smbd
15141 ?        00:00:05 smbd
20603 ?        00:00:00 smbd

我还能够使用 OID 获取正在运行的进程列表，1.3.6.1.2.1.25.4.2.1.2其中还包含smbd和nfsd进程：

> snmpwalk -v 2c -c secret host 1.3.6.1.2.1.25.4.2.1.2 | grep "smbd\|nfsd"
iso.3.6.1.2.1.25.4.2.1.2.11068 = STRING: "nfsd4_callbacks"
iso.3.6.1.2.1.25.4.2.1.2.11072 = STRING: "nfsd"
iso.3.6.1.2.1.25.4.2.1.2.11073 = STRING: "nfsd"
iso.3.6.1.2.1.25.4.2.1.2.11074 = STRING: "nfsd"
iso.3.6.1.2.1.25.4.2.1.2.11075 = STRING: "nfsd"
iso.3.6.1.2.1.25.4.2.1.2.11076 = STRING: "nfsd"
iso.3.6.1.2.1.25.4.2.1.2.11077 = STRING: "nfsd"
iso.3.6.1.2.1.25.4.2.1.2.11078 = STRING: "nfsd"
iso.3.6.1.2.1.25.4.2.1.2.11079 = STRING: "nfsd"
iso.3.6.1.2.1.25.4.2.1.2.11724 = STRING: "smbd"
iso.3.6.1.2.1.25.4.2.1.2.12367 = STRING: "smbd"
iso.3.6.1.2.1.25.4.2.1.2.15135 = STRING: "smbd"
iso.3.6.1.2.1.25.4.2.1.2.15137 = STRING: "smbd"
iso.3.6.1.2.1.25.4.2.1.2.15141 = STRING: "smbd"
iso.3.6.1.2.1.25.4.2.1.2.29897 = STRING: "smbd"

它是否应该像这样工作并且使用procSNMP 指令监视服务是一个好主意还是我应该使用extends （已经让它们为 ZFS 和 SLURM 状态工作）？

环境：

• NET-SNMP 5.7.3
• Ubuntu 服务器 16.04

我正在尝试让 samba 共享在 Windows (SID) 和 Linux (uid/gid) 客户端上使用正确的 ID。问题是 uid 和 gid 没有正确映射回 SID 并且 SID 没有解析为名称。什么可能导致这个问题，如何解决？

什么有效

• 从 Active Directory UNIX 属性映射到 Linux 上的 uid/gid
• 访问共享
  • Windows：资源管理器中的 UNC-Path，接受 Kerberos 票证（凭证没有问题）
  • Linux：sudo mount -t cifs //ribonas2/test /mnt/ribonas2/smb/ -o domain=DOMAIN,username=paul.jaehne
• 处理共享上的文件

什么不起作用

• 在 Windows 上创建的文件具有Unix User\和Unix Group\（在打开安全选项卡时，UNIX uid 和 gid 也会在很短的时间内可见）而不是DOMAIN\作为用户和组的前缀
• 添加权限是有缺陷的：我可以从域中添加主体，然后很快就会DOMAIN\whatever正确显示。当我等待一段时间或从另一台计算机查看共享时，仅显示 SID（SID 正确，但未解析为名称）：

环境/配置

• 我使用了以下指南（由于信誉要求，无法添加真实链接）：
  • Ubuntu 16.04 SAMBA 文件服务器指南
  • Ubuntu 16.04 SSSD AD 指南
  • SAMBA 维基域成员
  • SAMBA 维基 ACL
• 多个域控制器（Windows Server 2003 和 Windows Server 2012 R2）
• Windows Server 2003 中的 Active Directory 架构
• Ubuntu 服务器 16.04
  • SSSD 1.13.4-1ubuntu1.1
  • SMB 2:4.3.8+dfsg-0ubuntu1
  • 加入了两者realm join和net ads join

sssd.conf：

[sssd]
domains = domain.company.com
config_file_version = 2
services = nss, pam

[domain/domain.company.com]
realmd_tags = manages-system joined-with-adcli
ad_domain = domain.company.com
krb5_realm = DOMAIN.COMPANY.COM

id_provider = ad
cache_credentials = True
krb5_store_password_if_offline = True
enumerate = True
use_fully_qualified_names = False

fallback_homedir = /home/%d/%u
default_shell = /bin/bash

# use uid and gid from active directory
ldap_id_mapping = False

# needed to use correct active directory properties (Windows Server 2003)
ldap_schema = ad
ldap_user_object_class = person
ldap_user_name = msSFU30Name
ldap_user_uid_number = msSFU30UidNumber
ldap_user_gid_number = msSFU30GidNumber
ldap_user_home_directory = msSFU30HomeDirectory
ldap_user_shell = msSFU30LoginShell
ldap_user_gecos = displayName
ldap_group_object_class = group
ldap_group_name = msSFU30Name
ldap_group_gid_number = msSFU30GidNumber

smb.conf（标准配置文件中的设置是缩进的）：

[global]
server role = member server
workgroup = DOMAIN
realm = DOMAIN.COMPANY.COM
security = ads
password server = dc1.domain.company.com # shouldn't be necessary and same problem without this line
idmap config * : backend = tdb
idmap config * : range = 100000-999999
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 10000-20000 # the UNIX attributes are manually assigned in this range
kerberos method = secrets and keytab

    server string = %h server (Samba, Ubuntu)

    dns proxy = no

    log file = /var/log/samba/log.%m
log level = 10
    max log size = 1000
    syslog = 0

    panic action = /usr/share/samba/panic-action %d

    passdb backend = tdbsam
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes

    map to guest = bad user

    usershare allow guests = yes

# needed for Windows ACL/ACE
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes

[test]
    path = /srv/samba/test
    writable = yes

TL;DR：为什么 UNIX 属性不解析为 SID，为什么 SID 不解析为名称？