Yes not relative to sogo, you cannot authenticate any ldap client
Yes, so it seems. How should I best proceed to get it fixed ?
Any logs I should look into or commands I could try to pinpoint the problem, and more importantly find a solution.
When you look to the line 400 of your pastebin, you can see that the event nethserver-dc-update upgraded the sambaAD VM to centos7.5.
If I understand correctly this could be the key of the problem
@davidep do i’m wrong ?
What did it do that for , can and should I revert that upgrade?
Keep calm, how many users have you on your system ?
About 40 to 50 accounts of which like some 20 active users.
Downgrade seems to be an option, but waiting on your reply
]# yum downgrade nethserver-dc.x86_64
Loaded plugins: changelog, fastestmirror, nethserver_events
sb-base | 3.6 kB 00:00:00
sb-centos-sclo-rh | 3.0 kB 00:00:00
sb-centos-sclo-sclo | 2.9 kB 00:00:00
sb-epel | 4.7 kB 00:00:00
sb-extras | 3.4 kB 00:00:00
sb-nethserver-base | 2.9 kB 00:00:00
sb-nethserver-updates | 4.1 kB 00:00:00
sb-updates | 3.4 kB 00:00:00
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package nethserver-dc.x86_64 0:1.4.5-1.ns7 will be a downgrade
---> Package nethserver-dc.x86_64 0:1.5.0-1.ns7 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================
Downgrading:
nethserver-dc x86_64 1.4.5-1.ns7 sb-nethserver-updates 13 M
Transaction Summary
================================================================================================================================================
Downgrade 1 Package
Total download size: 13 M
Is this ok [y/d/N]: n
Exiting on user command
I’m looking at the attached log…
Thank you, we really need the SOGo calendar functionality.
So, all LDAP clients fail to connect with AD LDAP service: is it running? Any error in journal?
account-provider-test dump
ping $(config getprop nsdc IpAddress)
systemctl status nsdc
journalctl nsdc
journalctl -M nsdc
If the nsdc
service is stopped try with:
systemctl start nsdc
…and see if any error occurs in journals
https://paste.ee/p/0viWB#s=0&l=439
It seems your system was updated from sb-*
repositories as expected. However for a reason that needs to be dug more deeply the NSDC chroot was updated against 7.5 repositories.
So your NethServer is still at 7.4. Only nsdc chroot is rebased on 7.5.
Everything seems to function, only journalctl nsdc returns :
Failed to add match 'nsdc': Invalid argument
Failed to add filters: Invalid argument
First three commands seems to return valid responses and last one shows many many pages of logs.
I’ll try to anonymize some and post them for you.
~]# systemctl status nsdc
● nsdc.service - NethServer Domain Controller container
Loaded: loaded (/usr/lib/systemd/system/nsdc.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2018-05-14 05:27:08 CEST; 9h ago
Docs: man:systemd-nspawn(1)
Main PID: 2825 (systemd-nspawn)
Status: “Container running.”
CGroup: /machine.slice/nsdc.service
├─2825 /usr/bin/systemd-nspawn --quiet --keep-unit --boot --network-bridge=br0 --machine=nsdc --capability=CAP_SYS_TIME
├─2829 /usr/lib/systemd/systemd
└─system.slice
├─samba.service
│ ├─5896 /usr/sbin/samba -i --debug-stderr
│ ├─6141 /usr/sbin/samba -i --debug-stderr
│ ├─6142 /usr/sbin/samba -i --debug-stderr
│ ├─6143 /usr/sbin/samba -i --debug-stderr
│ ├─6144 /usr/sbin/samba -i --debug-stderr
│ ├─6145 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─6146 /usr/sbin/samba -i --debug-stderr
│ ├─6147 /usr/sbin/samba -i --debug-stderr
│ ├─6148 /usr/sbin/samba -i --debug-stderr
│ ├─6150 /usr/sbin/samba -i --debug-stderr
│ ├─6151 /usr/sbin/samba -i --debug-stderr
│ ├─6152 /usr/sbin/samba -i --debug-stderr
│ ├─6153 /usr/sbin/samba -i --debug-stderr
│ ├─6154 /usr/sbin/samba -i --debug-stderr
│ ├─6155 /usr/sbin/samba -i --debug-stderr
│ ├─6158 /usr/sbin/samba -i --debug-stderr
│ ├─6159 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
│ ├─6166 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
│ ├─6168 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ ├─6169 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
│ └─6175 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
├─console-getty.service
│ └─5854 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
├─systemd-logind.service
│ └─5818 /usr/lib/systemd/systemd-logind
├─dbus.service
│ └─5623 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
├─ntpd.service
│ └─5731 /usr/sbin/ntpd -u ntp:ntp -g
└─systemd-journald.service
└─5515 /usr/lib/systemd/systemd-journald
May 14 05:27:14 nethserver.ourdomain.com systemd-nspawn[2825]: [ OK ] Started Network Service.
May 14 05:27:14 nethserver.ourdomain.com systemd-nspawn[2825]: [ OK ] Reached target Network.
May 14 05:27:15 nethserver.ourdomain.com systemd-nspawn[2825]: [ OK ] Started Samba domain controller daemon.
May 14 05:27:15 nethserver.ourdomain.com systemd-nspawn[2825]: Starting Samba domain controller daemon...
May 14 05:27:15 nethserver.ourdomain.com systemd-nspawn[2825]: [ OK ] Reached target Multi-User System.
May 14 05:27:15 nethserver.ourdomain.com systemd-nspawn[2825]: [ OK ] Reached target Graphical Interface.
May 14 05:27:15 nethserver.ourdomain.com systemd-nspawn[2825]: Starting Update UTMP about System Runlevel Changes...
May 14 05:27:15 nethserver.ourdomain.com systemd-nspawn[2825]: [ OK ] Started Update UTMP about System Runlevel Changes.
May 14 05:27:16 nethserver.ourdomain.com systemd-nspawn[2825]: CentOS Linux 7 (Core)
May 14 05:27:16 nethserver.ourdomain.com systemd-nspawn[2825]: Kernel 3.10.0-693.21.1.el7.x86_64 on an x86_64
and an excerpt from the journalctl -M nsdc
Sorry it was:
journalctl -u nsdc
I’ve tried to reproduce the unexpected RPM installation from 7.5 repositories:
- On installation, NSDC packages were downloaded from 7.4 as expected.
- However if I run the nsdc update procedure upstream repositories (7.5) are used.
It does not seem a problem, as the nsdc process is running. However I found an issue with the KDC process of Samba DC:
journalctl -M nsdc -u samba
One of the lines:
May 14 14:59:38 nsdc-vm7.ad.dpnet.nethesis.it samba[158]: task_server_terminate: [kdc: krb5_init_context failed]
Do you have the same?
Yes!
The workaround to the bad Samba DC startup, is edit/fixing krb5.conf under the nsdc chroot. Just run this command:
cp -vfp /var/lib/machines/nsdc/var/lib/samba/private/krb5.conf /var/lib/machines/nsdc/etc/krb5.conf
Then stop and start the samba DC process
systemctl -M nsdc stop samba
systemctl -M nsdc start samba
Now I must investigate why the nsdc container wants to download from 7.5 repositories
Yes that solved it, thank you very much!
Filed an issue, the fix is available from nethserver-testing repo, but requires the following command to be applied:
signal-event nethserver-dc-upgrade
Something I can do to help, does it need testing?
Everything should be fixed.
The fix has been released even for NS 7.4 to avoid problem for users who still need to upgrade.
Hello,
thanks the commands works for me,
but look like was just need to restart samba as mentioned.
why ?
because there wasn’t any diff between the .conf file.
More details:
- on :9090/nethserver#/users-groups
shown there is no users shown on users and groups page
- on :980/en-US/Account
shown there is no users shown on users and groups page
and
LDAP client internal error (AccountProvider_Error_82)
- cat /var/lib/nethserver/backup/users.tsv & groups
there nothings
Best Regards