flatspin
(Ralf Jeckel)
September 23, 2016, 11:25am
1
@davidep I had stupid idea and created a domain with a very long name.
nsdc-ns7test2.verylongnametestns7.lan
The result was:
Sep 23 12:43:01 ns7test2 systemd-nspawn: [#033 [1;31mFAILED#033[0m] Failed to start Domain controller provisioning.
Sep 23 12:43:01 ns7test2 systemd-nspawn: See ‘systemctl status samba-provision.service’ for details.
and of course:
Sep 23 13:03:03 ns7test2 esmith::event[4981]: [ERROR] could not connect to Samba Domain Controller
Sep 23 13:03:03 ns7test2 esmith::event[4981]: Action: /etc/e-smith/events/nethserver-dc-save/S95nethserver-dc-waitstart FAILED: 1 [1202.174267]
4 Likes
davidep
(Davide Principi)
September 23, 2016, 11:34am
2
@alefattorini , I love this guy
3 Likes
flatspin
(Ralf Jeckel)
September 23, 2016, 2:38pm
3
davidep:
I love this guy
Sorry my friend, but I’m married.
O.k. bad joke, but siriously:
What are the login credentials for the container?
I wanted to do systemctl status samba-provisioning.service and I think I have to do this in the container machine. With machinectl login nsdc-xxxxx I get the login, but didn’t find out the credentials.
Not the root and not the administartor. Hmmmmm
2 Likes
davidep
(Davide Principi)
September 23, 2016, 3:14pm
4
Please, see the nsdc machine journal. Perhaps you’ll find more about the provisioning error…
journalctl -M nsdc
The -M flag should work also with systemctl:
systemctl -M nsdc status samba-provision.service
There are no credentials for it. Even if you get a shell with the following command, you’ll get a minimal system because the chroot is only samba+its dependencies:
systemd-run -M nsdc -t /bin/bash
1 Like
flatspin
(Ralf Jeckel)
September 23, 2016, 3:28pm
5
davidep:
journalctl -M nsdc
Sep 23 12:43:01 nsdc-ns7test2.verylongnametestns7.lan samba-tool[22]: ERROR(<class ‘samba.provision.InvalidNetbiosName’>): uncaught exception - The name ‘‘VERYLONGNAMETESTNS7’’ is not a valid NetBIOS name
Seems to be the same restriction as we had.
4 Likes
davidep
(Davide Principi)
September 23, 2016, 3:39pm
6
We can open a new bug now… /cc @quality_team
She’s a lucky wife
3 Likes
davidep
(Davide Principi)
September 26, 2016, 4:16pm
7
Thanks to @flatspin ! Opened bug on GitHub:
2 Likes
flatspin
(Ralf Jeckel)
September 27, 2016, 6:13am
8
@davidep thanks for opening the bug. Was 3 day out and had only my phone.
1 Like
davidep
(Davide Principi)
September 29, 2016, 8:44am
9
We have two new packages on nethserver-testing!
Who wants to give’em a try? /cc @quality_team
Before pressing “START DC”:
yum --enablerepo=nethserver-testing update nethserver-sssd nethserver-dc
Also the join to a remote Active Directory would be very appreciated…
3 Likes
flatspin
(Ralf Jeckel)
September 29, 2016, 9:04am
10
Will try it after lunch. Will do a clean install.
3 Likes
flatspin
(Ralf Jeckel)
September 29, 2016, 1:31pm
11
Did it. That’s the result:
No administrator was created.
Log:
journalctl -M nsdc:
2 Likes
davidep
(Davide Principi)
September 29, 2016, 1:41pm
12
Log files seems to be OK. Perhaps we need some UI tweaks too…
flatspin
(Ralf Jeckel)
September 29, 2016, 4:03pm
13
If I try to create a user i get this error
No entry in messages.log
sssd.log is emty
jfranco
(Jean Franco)
September 30, 2016, 1:35am
14
Hi, I’m testing these new packages, how do I make NS7b2 member of an AD Controller?
Thanks,
davidep
(Davide Principi)
October 3, 2016, 8:16am
15
Neither nethserver-directory, nor nethserver-dc have to be installed in this scenario.
Go to Users and Groups page
Select “Active Directory” and enter the AD DNS IP address
jfranco
(Jean Franco)
October 3, 2016, 11:51am
16
Thanks @davidep , all resolved now.
I´m now testing the server as member of an Active Directory domain. This is with the beta packages.
All working good.
Best regards,
davidep
(Davide Principi)
October 3, 2016, 12:14pm
17
Just uploaded a new nethserver-dc package on nethserver-testing. It should fix your issue.
nethserver-dc-1.0.5-1.2.gd1b3790.ns7.x86_64.rpm
1 Like
flatspin
(Ralf Jeckel)
October 3, 2016, 4:27pm
18
Hey @davidep you are the man!!!
I had to do a factory reset and now the administrator was created and I can create a user.
Also goups can be created and user can be added.
And also it works to add the user with the group directly.
No errors in messages.log
Oct 3 18:01:22 ns7test esmith::event[4543]: Event: user-create user1 Testuser 1 /usr/libexec/openssh/sftp-server
Oct 3 18:01:22 ns7test sshd[4559]: Did not receive identification string from 66.240.213.93
Oct 3 18:01:22 ns7test esmith::event[4543]: User ‘user1’ created successfully
Oct 3 18:01:22 ns7test esmith::event[4543]: Action: /etc/e-smith/events/user-create/S40nethserver-dc-user-create SUCCESS [0.4341]
Oct 3 18:01:22 ns7test esmith::event[4543]: Action: /etc/e-smith/events/user-create/S90nethserver-sssd-clear-cache SUCCESS [0.108069]
Oct 3 18:01:22 ns7test esmith::event[4543]: Event: user-create SUCCESS
Oct 3 18:01:22 ns7test esmith::event[4569]: Event: password-policy-update user1 no
Oct 3 18:01:23 ns7test esmith::event[4569]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.127781]
Oct 3 18:01:23 ns7test esmith::event[4569]: Expiry for user ‘user1’ disabled.
Oct 3 18:01:23 ns7test esmith::event[4569]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-dc-password-policy SUCCESS [0.488785]
Oct 3 18:01:23 ns7test esmith::event[4569]: Event: password-policy-update SUCCESS
Oct 3 18:01:23 ns7test esmith::event[4590]: Event: password-modify user1@verylongnametestns7.lan /tmp/ng-9Gj5nP
Oct 3 18:01:23 ns7test esmith::event[4590]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.004203]
Oct 3 18:01:23 ns7test esmith::event[4590]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword user1
Oct 3 18:01:23 ns7test esmith::event[4590]: New Password:
Oct 3 18:01:24 ns7test esmith::event[4590]: Changed password OK
Oct 3 18:01:24 ns7test esmith::event[4590]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set SUCCESS [0.404662]
Oct 3 18:01:24 ns7test esmith::event[4590]: Enabled user ‘user1’
Oct 3 18:01:24 ns7test esmith::event[4590]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock SUCCESS [0.36365]
Oct 3 18:01:24 ns7test esmith::event[4590]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.020477]
Oct 3 18:01:24 ns7test esmith::event[4590]: Event: password-modify SUCCESS
Oct 3 18:01:41 ns7test httpd: [NOTICE] NethServer\Tool\ChangePassword: root is changing password to SomeoneElse (administrator@verylongnametestns7.lan). Members of the adm group have no restriction (score = 1.00)
Oct 3 18:01:41 ns7test esmith::event[4642]: Event: password-modify administrator@verylongnametestns7.lan /tmp/ng-2VBwpO
Oct 3 18:01:41 ns7test esmith::event[4642]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.003263]
Oct 3 18:01:41 ns7test esmith::event[4642]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword administrator
Oct 3 18:01:41 ns7test esmith::event[4642]: New Password:
Oct 3 18:01:42 ns7test esmith::event[4642]: Changed password OK
Oct 3 18:01:42 ns7test esmith::event[4642]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set SUCCESS [0.415736]
Oct 3 18:01:42 ns7test esmith::event[4642]: Enabled user ‘administrator’
Oct 3 18:01:42 ns7test esmith::event[4642]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock SUCCESS [0.377704]
Oct 3 18:01:42 ns7test esmith::event[4642]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.010182]
Oct 3 18:01:42 ns7test esmith::event[4642]: Event: password-modify SUCCESS
Oct 3 18:03:19 ns7test chronyd[3045]: Selected source 212.186.250.154
Oct 3 18:04:27 ns7test esmith::event[4716]: Event: group-create testgroup user1
Oct 3 18:04:27 ns7test esmith::event[4716]: Added group testgroup
Oct 3 18:04:28 ns7test esmith::event[4716]: Added members to group testgroup
Oct 3 18:04:28 ns7test esmith::event[4716]: Action: /etc/e-smith/events/group-create/S40nethserver-dc-group-create SUCCESS [0.774969]
Oct 3 18:04:28 ns7test esmith::event[4716]: Action: /etc/e-smith/events/group-create/S90nethserver-sssd-clear-cache SUCCESS [0.071535]
Oct 3 18:04:28 ns7test esmith::event[4716]: Event: group-create SUCCESS
Oct 3 18:07:08 ns7test esmith::event[4875]: Event: user-create user2 Testuser 2 /bin/bash
Oct 3 18:07:08 ns7test esmith::event[4875]: User ‘user2’ created successfully
Oct 3 18:07:08 ns7test esmith::event[4875]: Action: /etc/e-smith/events/user-create/S40nethserver-dc-user-create SUCCESS [0.433983]
Oct 3 18:07:08 ns7test esmith::event[4875]: Action: /etc/e-smith/events/user-create/S90nethserver-sssd-clear-cache SUCCESS [0.091715]
Oct 3 18:07:08 ns7test esmith::event[4875]: Event: user-create SUCCESS
Oct 3 18:07:09 ns7test esmith::event[4901]: Event: group-modify testgroup@verylongnametestns7.lan user1 domain guests guest user2
Oct 3 18:07:10 ns7test esmith::event[4901]: Added members to group testgroup
Oct 3 18:07:10 ns7test esmith::event[4901]: Action: /etc/e-smith/events/group-modify/S40nethserver-dc-group-modify SUCCESS [0.793831]
Oct 3 18:07:10 ns7test esmith::event[4901]: Action: /etc/e-smith/events/group-modify/S90nethserver-sssd-clear-cache SUCCESS [0.077216]
Oct 3 18:07:10 ns7test esmith::event[4901]: Event: group-modify SUCCESS
Oct 3 18:07:10 ns7test esmith::event[4937]: Event: password-policy-update user2 yes
Oct 3 18:07:10 ns7test esmith::event[4937]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.108905]
Oct 3 18:07:10 ns7test esmith::event[4937]: Expiry for user ‘user2’ set to 180 days.
Oct 3 18:07:10 ns7test esmith::event[4937]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-dc-password-policy SUCCESS [0.512142]
Oct 3 18:07:10 ns7test esmith::event[4937]: Event: password-policy-update SUCCESS
Oct 3 18:07:11 ns7test esmith::event[4958]: Event: password-modify user2@verylongnametestns7.lan /tmp/ng-vtPLbK
Oct 3 18:07:11 ns7test esmith::event[4958]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.003443]
Oct 3 18:07:11 ns7test esmith::event[4958]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword user2
Oct 3 18:07:11 ns7test esmith::event[4958]: New Password:
Oct 3 18:07:11 ns7test esmith::event[4958]: Changed password OK
Oct 3 18:07:11 ns7test esmith::event[4958]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set SUCCESS [0.402442]
Oct 3 18:07:11 ns7test esmith::event[4958]: Enabled user ‘user2’
Oct 3 18:07:11 ns7test esmith::event[4958]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock SUCCESS [0.360428]
Oct 3 18:07:11 ns7test esmith::event[4958]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.0112]
Oct 3 18:07:11 ns7test esmith::event[4958]: Event: password-modify SUCCESS
Congratulations , I think you did it!
Should we test what happens if verylongname.verylongname.verylongname is given as domain?
2 Likes
jfranco
(Jean Franco)
October 3, 2016, 5:22pm
19
On this latest one, I´m getting permissions errors:
On the GUI
Task completed with errors
S20nethserver-ibays-set-permissions #2 (exit status 256)
On logs:
Oct 3 14:21:03 smart esmith::event[14141]: Action: /etc/e-smith/events/ibay-reset-permissions/S30nethserver-ibays-copy-permissions SUCCESS [0.04142]
Oct 3 14:21:03 smart esmith::event[14141]: Event: ibay-reset-permissions FAILED
1 Like
robb
(Rob Bosch)
October 3, 2016, 6:30pm
20
Isn’t this a limitation of NetBIOS? According to MS convention, a NetBIOS name consists of 16 characters. 15 for the name and the 16th is used as suffix. So this netbiosverylongnameforns7beta2 is not a valid netbiosname.
Since Samba4 is a copy of MS Active Directory, which in turn (still) uses NetBIOS protocol (over tcp/ip) My gut feeling tells me that you are bound to a max of 15 characters for your NetBIOS name.
https://support.microsoft.com/en-us/kb/188997