Again Problems after Updates

hucky · December 17, 2016, 7:38am

NethServer release 7.3.1611 (rc3)

During the Updates got Error messages that he could not finish Updates, clear yum etc.
After Clear yum again error with ndpi. After reboot again Error with ndpi. This is shown:
Deep Packet Inspection (DPI) module is not available
Restart the system and select a Linux kernel with DPI module support

And lost again the verification of my Users. The Domain is up and ready and shown without errors.
The Mysql is not started.

In the Overview it shows now only my Useraccounts, not the formerly ones. So i have only :
Benutzer
2
Benutzergruppen
3
eMail Adressen
2
Maschinenkonten
3

The Kernel what is used is the ony 4.4.22-1.e17.elrepo.x86-64

Any ideas or solutions?

Also see errors for Updates:

(2/10): base/7/x86_64/group_gz | 155 kB 00:00
epel/x86_64/updateinfo FAILED
https://mirror.imt-systems.com/epel/7/x86_64/repodata/69273bdf64c96c1b03fc923e6b682a7aa4ea85124e495a3806cc5ef6beafdc15-updateinfo.xml.bz2: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article

epel/x86_64/primary_db FAILED
https://mirror.netcologne.de/fedora-epel/7/x86_64/repodata/2f2d8ee599b6d4f45a8f51537e0328bdd1ece4f0b7fc6b80e500c271bab5a706-primary.sqlite.xz: [Errno 14] HTTPS Error 404 - Not Found

dnutan · December 17, 2016, 8:10am

Could this be related?

http://docs.nethserver.org/en/v7rc/release_notes.html#upgrading-rc2-to-rc3

To upgrade a system running kernel-lt with DPI support, execute these commands before updating:

[code]cat << EOF > /etc/sysconfig/kernel

UPDATEDEFAULT specifies if new-kernel-pkg should make

new kernels the default

UPDATEDEFAULT=yes

DEFAULTKERNEL specifies the default kernel package type

DEFAULTKERNEL=kernel
EOF

yum reinstall grubby -y[/code]

About the 404 error with epel mirrors it happens from time to time (not relevant if at the end it finds a working mirror).

hucky · December 17, 2016, 8:13am

i will check it

hucky · December 17, 2016, 8:21am

does not work

hucky · December 17, 2016, 10:14am

i have uninstall the Deep packet inspection (DPI) right now. But Problems with the Users are not gone. Not possible to log on with Sogo etc. I really appreciate the work from the guys here but if after every Update the mainstuff is not working is it very annoying.

davidep · December 17, 2016, 11:23am

I understand your frustration. Do you find any error message from sssd?

 journalctl -u sssd

Try again the leave/join procedure we issued some days ago!

hucky · December 17, 2016, 11:25am

have tried the leave and join procedure, dont work

hucky · December 17, 2016, 11:28am

in the journal -u sssd no errors

hucky · December 17, 2016, 11:30am

i also got errors during the updates i havent before:

https://mirror.imt-systems.com/epel/7/x86_64/repodata/69273bdf64c96c1b03fc923e6b682a7aa4ea85124e495a3806cc5ef6beafdc15-updateinfo.xml.bz2: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article

If above article doesn’t help to resolve this issue please create a bug on https://bugs.centos.org/

epel/x86_64/primary_db FAILED
https://mirror.netcologne.de/fedora-epel/7/x86_64/repodata/2f2d8ee599b6d4f45a8f51537e0328bdd1ece4f0b7fc6b80e500c271bab5a706-primary.sqlite.xz: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
(4/10): nethserver-updates/7/x86_64/group_gz | 16 kB 00:00:00
(5/10): base/7/x86_64/primary_db | 5.6 MB 00:00:00
(6/10): nethserver-updates/7/x86_64/primary_db | 2.1 kB 00:00:00
(7/10): epel/x86_64/updateinfo | 691 kB 00:00:00
(8/10): nethserver-base/7/x86_64/primary_db | 170 kB 00:00:00
epel/x86_64/primary_db FAILED
https://mirror.imt-systems.com/epel/7/x86_64/repodata/2f2d8ee599b6d4f45a8f51537e0328bdd1ece4f0b7fc6b80e500c271bab5a706-primary.sqlite.xz: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
(9/10): epel/x86_64/primary_db | 4.4 MB 00:00:00
(10/10): updates/7/x86_64/primary_db | 1.2 MB 00:00:01
Determining fastest mirrors

base: mirror.rackspeed.de
epel: mirror.imt-systems.com

davidep · December 17, 2016, 11:35am

@hucky, quoting @dnutan above

davidep · December 17, 2016, 11:39am

Could you try

account-provider-test

Then

account-provider-test dump

hucky · December 17, 2016, 11:41am

[ERROR] cannot execute /usr/bin/ldapsearch. To workaround this type:

 yum install openldap-clients

[root@sbs ~]# account-provider-test dump
{
“startTls” : “”,
“bindUser” : “SBS$”,
“userDN” : “dc=compu-max,dc=lan”,
“port” : 636,
“isAD” : “1”,
“host” : “compu-max.lan”,
“groupDN” : “dc=compu-max,dc=lan”,
“isLdap” : “”,
“ldapURI” : “ldaps://compu-max.lan”,
“baseDN” : “dc=compu-max,dc=lan”,
“bindPassword” : “jBVl16OKR80OcZ”,
“bindDN” : “COMPU-MAX\SBS$”

davidep · December 17, 2016, 12:01pm

Install and run again

hucky · December 17, 2016, 12:38pm

[code][root@sbs ~]# account-provider-test

extended LDIF

LDAPv3

base <dc=compu-max,dc=lan> with scope baseObject

filter: (objectClass=*)

requesting: ALL

compu-max.lan

dn: DC=compu-max,DC=lan
objectClass: top
objectClass: domain
objectClass: domainDNS
instanceType: 5
whenCreated: 20161021112432.0Z
uSNCreated: 8
name: compu-max
objectGUID:: 0Tg8os3xUkaL7V4KuMx8nQ==
objectSid:: AQQAAAAAAAUVAAAArgoFLfMkPOX9n/6b
objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=compu-max,DC=lan
dc: compu-max
auditingPolicy:: AAE=
creationTime: 131215226720000000
forceLogoff: -9223372036854775808
gPLink: [LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=Syste
m,DC=compu-max,DC=lan;0]
isCriticalSystemObject: TRUE
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
minPwdLength: 7
modifiedCount: 1
modifiedCountAtLastProm: 0
msDS-AllUsersTrustQuota: 1000
msDS-Behavior-Version: 4
ms-DS-MachineAccountQuota: 10
msDS-NcType: 0
msDS-PerUserTrustQuota: 1
msDS-PerUserTrustTombstonesQuota: 10
nextRid: 1000
nTMixedDomain: 0
oEMInformation: Provisioned by SAMBA 4.4.5
pwdProperties: 1
pwdHistoryLength: 24
serverState: 1
systemFlags: -1946157056
uASCompat: 1
rIDManagerReference: CN=RID Manager$,CN=System,DC=compu-max,DC=lan
wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=comp
u-max,DC=lan
wellKnownObjects: B:32:F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Progra
m Data,DC=compu-max,DC=lan
wellKnownObjects: B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program Data,DC=com
pu-max,DC=lan
wellKnownObjects: B:32:22B70C67D56E4EFB91E9300FCA3DC1AA:CN=ForeignSecurityPrin
cipals,DC=compu-max,DC=lan
wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=
compu-max,DC=lan
wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=c
ompu-max,DC=lan
wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=com
pu-max,DC=lan
wellKnownObjects: B:32:AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=compu-max
,DC=lan
wellKnownObjects: B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,
DC=compu-max,DC=lan
wellKnownObjects: B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=compu-
max,DC=lan
wellKnownObjects: B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=compu-max,
DC=lan
fSMORoleOwner: CN=NTDS Settings,CN=NSDC-SBS,CN=Servers,CN=Default-First-Site-N
ame,CN=Sites,CN=Configuration,DC=compu-max,DC=lan
msDs-masteredBy: CN=NTDS Settings,CN=NSDC-SBS,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=compu-max,DC=lan
msDS-IsDomainFor: CN=NTDS Settings,CN=NSDC-SBS,CN=Servers,CN=Default-First-Sit
e-Name,CN=Sites,CN=Configuration,DC=compu-max,DC=lan
masteredBy: CN=NTDS Settings,CN=NSDC-SBS,CN=Servers,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=compu-max,DC=lan
minPwdAge: 0
maxPwdAge: -9223372036854775808
whenChanged: 20161021112639.0Z
uSNChanged: 3732
distinguishedName: DC=compu-max,DC=lan

search result

search: 2
result: 0 Success

numResponses: 2

numEntries: 1

[root@sbs ~]# account-provider-test dump
{
“startTls” : “”,
“bindUser” : “SBS$”,
“userDN” : “dc=compu-max,dc=lan”,
“port” : 636,
“isAD” : “1”,
“host” : “compu-max.lan”,
“groupDN” : “dc=compu-max,dc=lan”,
“isLdap” : “”,
“ldapURI” : “ldaps://compu-max.lan”,
“baseDN” : “dc=compu-max,dc=lan”,
“bindPassword” : “jBVl16OKR80OcZ”,
“bindDN” : “COMPU-MAX\SBS$”[/code]

hucky · December 17, 2016, 12:48pm

nothing changed.

davidep · December 17, 2016, 1:18pm

Some other commands, just trying to understand where is the problem:

 id admin
 id administrator
 net ads info
 net ads testjoin
 /usr/libexec/nethserver/list-users
 net ads search -P samaccountname=administrator

Then

 kinit administrator@compu-max.lan

hucky · December 17, 2016, 3:47pm

everything get ok´s without an error but the kinit respond:

KDC reply did not match expectations while getting initial credentials

hucky · December 17, 2016, 4:41pm

this really makes me upset. it is the third time i only install the updates what comes with the softwarecenter and after it something is broken

davidep · December 17, 2016, 4:53pm

Don’t be upset, we’ll find a solution. Let’s see

 cat /etc/resolv.conf

It could be mangled… Then try fix

 signal-event nethserver-dnsmasq-save

And kinit again

hucky · December 17, 2016, 6:26pm

also everything ok with cat /etc/resolv.conf

after kinit same problem
KDC reply did not match expectations while getting initial credentials