Software

Ok. SDM is not the best piece of software ever written. It fails on everybody and everything. There is a lot of grievance in a MSDN discussion thread.

Problem 1:
The first issue I encountered was that it didn't install. It said "The System Administrator Has Set Policies to Prevent This Installation". That is not a standard Windows error message, and I gather it is something the lovely programmers made the app say when failing.

Solution 1:
Run it with Administrator -privileges. The installation package is distributed as MSI-package and Windows Explorer doesn't offer the "Run as Administrator" -option on it. I started a Power Shell as administrator and executed the installed from there. That fixed it.

Problem 2:
Download fails to start on "Active Scripting must be enabled". Well, I have that enabled.

Solution 2:
Make sure following domains are in Trusted sites -list. (See: Internet Options -> Security)

• http://e5.onthehub.com
• http://static.onthehub.com
  
• http://ajax.googleapis.com

Then the goddamn thing starts to download.

I'd like to second OtaconHC's opinion from the MSDN-thread: The SDM is a failure by design.

My Fedora 19 got an update for KVM. It was a no biggie, nothing really happened at the time.

Then one of the virtual guests got a new kernel (RHSA-2013:0911-1). I rebooted the guest and BANG! My KVM hung the entires machine. I have the Magic SysRq enabled, but nothing. The box was completely hung.

The "funny" part happened after I forced a reboot from the button. The box wouldn't boot! My LDAP was corrupted. All I got was a "BDB0060 PANIC: fatal region error detected; run recovery" -message.

There is the /usr/bin/db_recover -tool, but it just said FUBAR. I didn't get the actual phrase, but surely you'll get the meaning. Then, what next? I was lucky enough to have a 3 week old slapcat of my entire LDAP. That was plenty of luck for me. But the morale of the story is, that I'll need to start dumping the LDAP or change the back-end format into something more recoverable.

Fedora 19 ships with Apache 2.4. After the install completed it very soon become obvious that my previous Apache 2.2 setup didn't work without changes. At the time I just took a bigger hammer and kept banging it until it started. Needless to say, it didn't have all my virtual hosts and services.

Now I spent a while getting all the necessary things working. The most common issue I had was:

authz_core:error AH01630: client denied by server configuration

This pretty weird error is caused by the fact that as default all access is denied and the classic:

Order allow,deny
Allow from all

... does not actually do anything on 2.4, instead it needs to be written as:

Require all granted

The change in the configuration actually makes the setup much clearer, but the obvious problem is that it is not compatible with the previous versions. In the conf.modules.d/00-base.conf there is a directive to load the compat-module:

LoadModule access_compat_module modules/mod_access_compat.so

I put the line into comment and started running my Apache with new style setup only.

My second biggest issue was with the services I'm running with allow access from my own LAN, but require LDAP authentication when traffic was not originating from my LAN. Apache 2.2 example would be:

Order Deny,Allow
Deny from all

Allow from my.lan
Allow from 2001:1234:5678::/64

AuthType Basic
AuthName www.my.lan
AuthBasicProvider ldap
AuthLDAPURL "ldap://server:389/ou=People,dc=example,dc=com?uid?sub?(objectClass=*)"
Require valid-user

Satisfy Any

The solution is very simple, just list the requirements and 2.4 somehow magically knows what you mean:

Require host my.lan
Require ip 2001:1234:5678::/64

AuthType Basic
AuthName www.my.lan
AuthBasicProvider ldap
AuthLDAPURL "ldap://server:389/ou=People,dc=example,dc=com?uid?sub?(objectClass=*)"

Require valid-user

Otherwise my migration was pretty smooth.