Again Problems after Updates

dnutan · December 17, 2016, 8:10am

Could this be related?

http://docs.nethserver.org/en/v7rc/release_notes.html#upgrading-rc2-to-rc3

To upgrade a system running kernel-lt with DPI support, execute these commands before updating:

[code]cat << EOF > /etc/sysconfig/kernel

UPDATEDEFAULT specifies if new-kernel-pkg should make

new kernels the default

UPDATEDEFAULT=yes

DEFAULTKERNEL specifies the default kernel package type

DEFAULTKERNEL=kernel
EOF

yum reinstall grubby -y[/code]

About the 404 error with epel mirrors it happens from time to time (not relevant if at the end it finds a working mirror).

hucky · December 17, 2016, 8:13am

i will check it

hucky · December 17, 2016, 8:21am

does not work

hucky · December 17, 2016, 10:14am

i have uninstall the Deep packet inspection (DPI) right now. But Problems with the Users are not gone. Not possible to log on with Sogo etc. I really appreciate the work from the guys here but if after every Update the mainstuff is not working is it very annoying.

davidep · December 17, 2016, 11:23am

I understand your frustration. Do you find any error message from sssd?

 journalctl -u sssd

Try again the leave/join procedure we issued some days ago!

hucky · December 17, 2016, 11:25am

have tried the leave and join procedure, dont work

hucky · December 17, 2016, 11:28am

in the journal -u sssd no errors

hucky · December 17, 2016, 11:30am

i also got errors during the updates i havent before:

https://mirror.imt-systems.com/epel/7/x86_64/repodata/69273bdf64c96c1b03fc923e6b682a7aa4ea85124e495a3806cc5ef6beafdc15-updateinfo.xml.bz2: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article

If above article doesn’t help to resolve this issue please create a bug on https://bugs.centos.org/

epel/x86_64/primary_db FAILED
https://mirror.netcologne.de/fedora-epel/7/x86_64/repodata/2f2d8ee599b6d4f45a8f51537e0328bdd1ece4f0b7fc6b80e500c271bab5a706-primary.sqlite.xz: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
(4/10): nethserver-updates/7/x86_64/group_gz | 16 kB 00:00:00
(5/10): base/7/x86_64/primary_db | 5.6 MB 00:00:00
(6/10): nethserver-updates/7/x86_64/primary_db | 2.1 kB 00:00:00
(7/10): epel/x86_64/updateinfo | 691 kB 00:00:00
(8/10): nethserver-base/7/x86_64/primary_db | 170 kB 00:00:00
epel/x86_64/primary_db FAILED
https://mirror.imt-systems.com/epel/7/x86_64/repodata/2f2d8ee599b6d4f45a8f51537e0328bdd1ece4f0b7fc6b80e500c271bab5a706-primary.sqlite.xz: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
(9/10): epel/x86_64/primary_db | 4.4 MB 00:00:00
(10/10): updates/7/x86_64/primary_db | 1.2 MB 00:00:01
Determining fastest mirrors

base: mirror.rackspeed.de
epel: mirror.imt-systems.com

davidep · December 17, 2016, 11:35am

@hucky, quoting @dnutan above

davidep · December 17, 2016, 11:39am

Could you try

account-provider-test

Then

account-provider-test dump

hucky · December 17, 2016, 11:41am

[ERROR] cannot execute /usr/bin/ldapsearch. To workaround this type:

 yum install openldap-clients

[root@sbs ~]# account-provider-test dump
{
“startTls” : “”,
“bindUser” : “SBS$”,
“userDN” : “dc=compu-max,dc=lan”,
“port” : 636,
“isAD” : “1”,
“host” : “compu-max.lan”,
“groupDN” : “dc=compu-max,dc=lan”,
“isLdap” : “”,
“ldapURI” : “ldaps://compu-max.lan”,
“baseDN” : “dc=compu-max,dc=lan”,
“bindPassword” : “jBVl16OKR80OcZ”,
“bindDN” : “COMPU-MAX\SBS$”

davidep · December 17, 2016, 12:01pm

Install and run again

hucky · December 17, 2016, 12:38pm

[code][root@sbs ~]# account-provider-test

extended LDIF

LDAPv3

base <dc=compu-max,dc=lan> with scope baseObject

filter: (objectClass=*)

requesting: ALL

compu-max.lan

dn: DC=compu-max,DC=lan
objectClass: top
objectClass: domain
objectClass: domainDNS
instanceType: 5
whenCreated: 20161021112432.0Z
uSNCreated: 8
name: compu-max
objectGUID:: 0Tg8os3xUkaL7V4KuMx8nQ==
objectSid:: AQQAAAAAAAUVAAAArgoFLfMkPOX9n/6b
objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=compu-max,DC=lan
dc: compu-max
auditingPolicy:: AAE=
creationTime: 131215226720000000
forceLogoff: -9223372036854775808
gPLink: [LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=Syste
m,DC=compu-max,DC=lan;0]
isCriticalSystemObject: TRUE
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
minPwdLength: 7
modifiedCount: 1
modifiedCountAtLastProm: 0
msDS-AllUsersTrustQuota: 1000
msDS-Behavior-Version: 4
ms-DS-MachineAccountQuota: 10
msDS-NcType: 0
msDS-PerUserTrustQuota: 1
msDS-PerUserTrustTombstonesQuota: 10
nextRid: 1000
nTMixedDomain: 0
oEMInformation: Provisioned by SAMBA 4.4.5
pwdProperties: 1
pwdHistoryLength: 24
serverState: 1
systemFlags: -1946157056
uASCompat: 1
rIDManagerReference: CN=RID Manager$,CN=System,DC=compu-max,DC=lan
wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=comp
u-max,DC=lan
wellKnownObjects: B:32:F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Progra
m Data,DC=compu-max,DC=lan
wellKnownObjects: B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program Data,DC=com
pu-max,DC=lan
wellKnownObjects: B:32:22B70C67D56E4EFB91E9300FCA3DC1AA:CN=ForeignSecurityPrin
cipals,DC=compu-max,DC=lan
wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=
compu-max,DC=lan
wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=c
ompu-max,DC=lan
wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=com
pu-max,DC=lan
wellKnownObjects: B:32:AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=compu-max
,DC=lan
wellKnownObjects: B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,
DC=compu-max,DC=lan
wellKnownObjects: B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=compu-
max,DC=lan
wellKnownObjects: B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=compu-max,
DC=lan
fSMORoleOwner: CN=NTDS Settings,CN=NSDC-SBS,CN=Servers,CN=Default-First-Site-N
ame,CN=Sites,CN=Configuration,DC=compu-max,DC=lan
msDs-masteredBy: CN=NTDS Settings,CN=NSDC-SBS,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=compu-max,DC=lan
msDS-IsDomainFor: CN=NTDS Settings,CN=NSDC-SBS,CN=Servers,CN=Default-First-Sit
e-Name,CN=Sites,CN=Configuration,DC=compu-max,DC=lan
masteredBy: CN=NTDS Settings,CN=NSDC-SBS,CN=Servers,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=compu-max,DC=lan
minPwdAge: 0
maxPwdAge: -9223372036854775808
whenChanged: 20161021112639.0Z
uSNChanged: 3732
distinguishedName: DC=compu-max,DC=lan

search result

search: 2
result: 0 Success

numResponses: 2

numEntries: 1

[root@sbs ~]# account-provider-test dump
{
“startTls” : “”,
“bindUser” : “SBS$”,
“userDN” : “dc=compu-max,dc=lan”,
“port” : 636,
“isAD” : “1”,
“host” : “compu-max.lan”,
“groupDN” : “dc=compu-max,dc=lan”,
“isLdap” : “”,
“ldapURI” : “ldaps://compu-max.lan”,
“baseDN” : “dc=compu-max,dc=lan”,
“bindPassword” : “jBVl16OKR80OcZ”,
“bindDN” : “COMPU-MAX\SBS$”[/code]

hucky · December 17, 2016, 12:48pm

nothing changed.

davidep · December 17, 2016, 1:18pm

Some other commands, just trying to understand where is the problem:

 id admin
 id administrator
 net ads info
 net ads testjoin
 /usr/libexec/nethserver/list-users
 net ads search -P samaccountname=administrator

Then

 kinit administrator@compu-max.lan

hucky · December 17, 2016, 3:47pm

everything get ok´s without an error but the kinit respond:

KDC reply did not match expectations while getting initial credentials

hucky · December 17, 2016, 4:41pm

this really makes me upset. it is the third time i only install the updates what comes with the softwarecenter and after it something is broken

davidep · December 17, 2016, 4:53pm

Don’t be upset, we’ll find a solution. Let’s see

 cat /etc/resolv.conf

It could be mangled… Then try fix

 signal-event nethserver-dnsmasq-save

And kinit again

hucky · December 17, 2016, 6:26pm

also everything ok with cat /etc/resolv.conf

after kinit same problem
KDC reply did not match expectations while getting initial credentials

davidep · December 17, 2016, 6:38pm

Do you confirn nameserver is 127.0.0.1?