I’m quite busy these days, sorry for the delay.
I’d try to reproduce it with another backup!
Meanwhile if somebody else from @quality_team can reproduce it, would be appreciated!
I’m quite busy these days, sorry for the delay.
I’d try to reproduce it with another backup!
Meanwhile if somebody else from @quality_team can reproduce it, would be appreciated!
2 posts were split to a new topic: Restore procedure with POP3 connector leads to duplicate messages
So, has anyone else run into this issue?
Has anyone had a successful disaster recovery of a samba dc setup?
I would like to find out if this is just me and I need to figure what I’m doing wrong or if there’s an underlying problem with restoring a samba dc.
I deleted the backups.
I fired up the populated machine… samba, file sharing, nextcloud.
I set off a full backup, verified by email.
I installed a fresh install from iso in virtualbox. I setup network, fqdn, and updated… huge, rebooted.
I installed backup, setup backup to previous full backup.
Checked backup was connected… restored…environment restored… auth fail.
So… I fooled around at the cli, nothing worked.
[root@server7c ~]# systemd-run -t -M nsdc /bin/bash
Running as unit run-6473.service.
Press ^] three times within 1s to disconnect TTY.
bash-4.2# samba-tool user enable administrator
Enabled user 'administrator'
bash-4.2# samba-tool user setpassword administrator --newpassword=Nethesis,1234
Changed password OK
bash-4.2# ^^^
bash: :s^^^: no previous substitution
bash-4.2# exit
exit
[root@server7c ~]# net ads info
LDAP server: 192.168.124.228
LDAP server name: nsdc-server7c.domain.com
Realm: domain.COM
Bind Path: dc=domain,dc=COM
LDAP port: 389
Server time: Wed, 22 Feb 2017 14:07:43 MST
KDC server: 192.168.124.228
Server time offset: 0
Last machine account password change: Wed, 31 Dec 1969 17:00:00 MST
[root@server7c ~]# getent passwd administrator@`config get DomainName`
administrator@domain.com:*:1318000500:1318000513:Administrator:/var/lib/nethserver/home/administrator:/usr/libexec/openssh/sftp-server
[root@server7c ~]# host -t SRV _ldap._tcp.`config get DomainName`
_ldap._tcp.domain.com has SRV record 0 100 389 nsdc-server7c.domain.com.
[root@server7c ~]# > /etc/sssd/sssd.conf
[root@server7c ~]# realm join `config get DomainName`
realm: Already joined to this domain
[root@server7c ~]# expand-template /etc/sssd/sssd.conf
current domain accounts
NetBIOS domain name: domain
LDAP server: 192.168.124.228
LDAP server name: nsdc-server7c.domain.com
Realm: domain.COM
Bind Path: dc=domain,dc=COM
LDAP port: 389
Server time: Wed, 22 Feb 2017 14:13:18 MST
KDC server: 192.168.124.228
Server time offset: 0
Last machine account password change: Wed, 31 Dec 1969 17:00:00 MST
Enter SERVER7C$@domain.COM's password:Join to domain is not valid: NT code 0xfffffff6
I’m currently on mail-server and docs. I hope to be back on DC soon! I’m really missing it
You’re right, the backup/restore of configuration fails: I can reproduce it!
Luckily, you can workaround the issue with the following commands:
signal-event nethserver-sssd-leave
realm join -U admin $(hostname -d)
...[enter admin's password]
signal-event nethserver-sssd-save
The problem is caused by a little oversight in the backup procedure. The samba secrets.tdb backup is not actually executed! That file contains the machine password. It can be obtained again with the leave/join workaround above.
All existing systems are affected by this bug.
A package is ready from nethserver-testing repo: /cc @quality_team
yum --enablerepo=nethserver-testing update nethserver-sssd-1.1.7-1.5.g514186f.ns7.noarch
The fix involves the backup procedure:
I beg your pardon but… shouldn’t the backup and restore procedure be tested before releasing a stable OS?
I mean: nothing is perfect, but having a stable release with totally broken backup function sounds frightening to me…
Well, the backup is not “totally broken”: as you see there’s a simple workaround. I see no reason to be frightened!
… and it has been tested, as you can see here:
https://github.com/NethServer/dev/issues/5188
What’s the point? How could we improve the QA test? More helpful people?
Davide: AD feature is a core one… it’s, maybe, the most important one NS has (compared to NS6.8)
when you released as STABLE NS7 the backup/restore function was broken (hence this topic), wasn’t it?
and a restore which doesn’t work is useless… you’ve found a workaround, but this is the kind of things you’d have done earlier, in RC stage.
for the point, see above…
for the other questions, I answer using a picture (if you follow Rugby you’ll know what I mean)
given enough eyeballs, all bugs are shallow
Said someone once. Thanks @fasttech for your eyes
Over the last year, we had more than 1k posts about bug/testing discussions, some hundreds of bugs fixed, more than 50 people involved in testing. Check out Testing Bug for further information.
Do we need more people? Of course! @Stefano_Zamboni feel free to offer your support
I would really love to see your participation in testing and reporting, the more hand on deck the better
Not following. Who are you blaming?
We’re fixing it now and @davidep is offering all the help he can. So? What’s your point?
You are free to state whatever you want. I feel obligated to point out that we don’t need referees, we need people who are willing to help in a constructive manner.
Again, feel free to support and help us to improve the product.
I’m already doing so… I’m not the only one who noticed that NS was released “a bit” in hurry (just before FOSDEM)
I think you did not get the point of the picture (strange enough, you’re the bigger fan of pictures here…)
hint:
> yum install irony
Sorry! My fault. I didn’t get the irony. You know, it could happen online.
Going back to the topic, @fasttech could you please verify @davidep’s fix?
Soon as I can get a block of time, I’ll get on it.
@Stefano_Zamboni you’re a serious drag. I happen to agree with you, as does everyone else I would guess, that disaster recovery is probably one of the most important functions… that’s why I’m testing it, when I have time, documenting the issues and passing them on the devs… instead of sniveling and whining about it, and beating the dead horse. In the words of an actor in a movie… “Son, you have an attitude problem”.
thank you, I’m proud of it
and, be sure, I won’t stop
fine… just some questions (and you’re in the quality team, so I guess you’re the right person to ask so):
I know, but it’s not an issue on my side, and I can live with it
Good to know, I’m going to spend my time testing, as opposed to wasting it on a troll. Bye.
I’m confused, Is backup and restore working for Nethserver-DC or is it still broken?