Controller provisioning fails with long domain name

@davidep I had stupid idea and created a domain with a very long name.
nsdc-ns7test2.verylongnametestns7.lan

The result was:

Sep 23 12:43:01 ns7test2 systemd-nspawn: [#033[1;31mFAILED#033[0m] Failed to start Domain controller provisioning.
Sep 23 12:43:01 ns7test2 systemd-nspawn: See ‘systemctl status samba-provision.service’ for details.

and of course:

Sep 23 13:03:03 ns7test2 esmith::event[4981]: [ERROR] could not connect to Samba Domain Controller
Sep 23 13:03:03 ns7test2 esmith::event[4981]: Action: /etc/e-smith/events/nethserver-dc-save/S95nethserver-dc-waitstart FAILED: 1 [1202.174267]

4 Likes

@alefattorini, I love this guy :heart_eyes:

3 Likes

Sorry my friend, but I’m married. :broken_heart:

O.k. bad joke, but siriously:
What are the login credentials for the container?
I wanted to do systemctl status samba-provisioning.service and I think I have to do this in the container machine. With machinectl login nsdc-xxxxx I get the login, but didn’t find out the credentials.
Not the root and not the administartor. Hmmmmm :thinking:

2 Likes

Please, see the nsdc machine journal. Perhaps you’ll find more about the provisioning error…

journalctl -M nsdc

The -M flag should work also with systemctl:

systemctl -M nsdc status samba-provision.service

There are no credentials for it. Even if you get a shell with the following command, you’ll get a minimal system because the chroot is only samba+its dependencies:

systemd-run -M nsdc -t /bin/bash
1 Like

Sep 23 12:43:01 nsdc-ns7test2.verylongnametestns7.lan samba-tool[22]: ERROR(<class ‘samba.provision.InvalidNetbiosName’>): uncaught exception - The name ‘‘VERYLONGNAMETESTNS7’’ is not a valid NetBIOS name

Seems to be the same restriction as we had.

4 Likes

We can open a new bug now… :wink: /cc @quality_team

She’s a lucky wife :blush:

3 Likes

Thanks to @flatspin! Opened bug on GitHub:

2 Likes

@davidep thanks for opening the bug. Was 3 day out and had only my phone.

1 Like

We have two new packages on nethserver-testing!

Who wants to give’em a try? /cc @quality_team

Before pressing “START DC”:

yum --enablerepo=nethserver-testing update nethserver-sssd nethserver-dc

Also the join to a remote Active Directory would be very appreciated…

3 Likes

Will try it after lunch. Will do a clean install.

3 Likes

Did it. That’s the result:

No administrator was created.

Log:

journalctl -M nsdc:

2 Likes

Log files seems to be OK. Perhaps we need some UI tweaks too…

If I try to create a user i get this error

No entry in messages.log

sssd.log is emty

Hi, I’m testing these new packages, how do I make NS7b2 member of an AD Controller?

Thanks,

Neither nethserver-directory, nor nethserver-dc have to be installed in this scenario.

  • Go to Users and Groups page
  • Select “Active Directory” and enter the AD DNS IP address

Thanks @davidep , all resolved now.
I´m now testing the server as member of an Active Directory domain. This is with the beta packages.
All working good.

Best regards,

Just uploaded a new nethserver-dc package on nethserver-testing. It should fix your issue.

nethserver-dc-1.0.5-1.2.gd1b3790.ns7.x86_64.rpm
1 Like

Hey @davidep you are the man!!!

I had to do a factory reset and now the administrator was created and I can create a user.

Also goups can be created and user can be added.

And also it works to add the user with the group directly.

No errors in messages.log

Oct 3 18:01:22 ns7test esmith::event[4543]: Event: user-create user1 Testuser 1 /usr/libexec/openssh/sftp-server
Oct 3 18:01:22 ns7test sshd[4559]: Did not receive identification string from 66.240.213.93
Oct 3 18:01:22 ns7test esmith::event[4543]: User ‘user1’ created successfully
Oct 3 18:01:22 ns7test esmith::event[4543]: Action: /etc/e-smith/events/user-create/S40nethserver-dc-user-create SUCCESS [0.4341]
Oct 3 18:01:22 ns7test esmith::event[4543]: Action: /etc/e-smith/events/user-create/S90nethserver-sssd-clear-cache SUCCESS [0.108069]
Oct 3 18:01:22 ns7test esmith::event[4543]: Event: user-create SUCCESS
Oct 3 18:01:22 ns7test esmith::event[4569]: Event: password-policy-update user1 no
Oct 3 18:01:23 ns7test esmith::event[4569]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.127781]
Oct 3 18:01:23 ns7test esmith::event[4569]: Expiry for user ‘user1’ disabled.
Oct 3 18:01:23 ns7test esmith::event[4569]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-dc-password-policy SUCCESS [0.488785]
Oct 3 18:01:23 ns7test esmith::event[4569]: Event: password-policy-update SUCCESS
Oct 3 18:01:23 ns7test esmith::event[4590]: Event: password-modify user1@verylongnametestns7.lan /tmp/ng-9Gj5nP
Oct 3 18:01:23 ns7test esmith::event[4590]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.004203]
Oct 3 18:01:23 ns7test esmith::event[4590]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword user1
Oct 3 18:01:23 ns7test esmith::event[4590]: New Password:
Oct 3 18:01:24 ns7test esmith::event[4590]: Changed password OK
Oct 3 18:01:24 ns7test esmith::event[4590]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set SUCCESS [0.404662]
Oct 3 18:01:24 ns7test esmith::event[4590]: Enabled user ‘user1’
Oct 3 18:01:24 ns7test esmith::event[4590]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock SUCCESS [0.36365]
Oct 3 18:01:24 ns7test esmith::event[4590]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.020477]
Oct 3 18:01:24 ns7test esmith::event[4590]: Event: password-modify SUCCESS
Oct 3 18:01:41 ns7test httpd: [NOTICE] NethServer\Tool\ChangePassword: root is changing password to SomeoneElse (administrator@verylongnametestns7.lan). Members of the adm group have no restriction (score = 1.00)
Oct 3 18:01:41 ns7test esmith::event[4642]: Event: password-modify administrator@verylongnametestns7.lan /tmp/ng-2VBwpO
Oct 3 18:01:41 ns7test esmith::event[4642]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.003263]
Oct 3 18:01:41 ns7test esmith::event[4642]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword administrator
Oct 3 18:01:41 ns7test esmith::event[4642]: New Password:
Oct 3 18:01:42 ns7test esmith::event[4642]: Changed password OK
Oct 3 18:01:42 ns7test esmith::event[4642]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set SUCCESS [0.415736]
Oct 3 18:01:42 ns7test esmith::event[4642]: Enabled user ‘administrator’
Oct 3 18:01:42 ns7test esmith::event[4642]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock SUCCESS [0.377704]
Oct 3 18:01:42 ns7test esmith::event[4642]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.010182]
Oct 3 18:01:42 ns7test esmith::event[4642]: Event: password-modify SUCCESS
Oct 3 18:03:19 ns7test chronyd[3045]: Selected source 212.186.250.154
Oct 3 18:04:27 ns7test esmith::event[4716]: Event: group-create testgroup user1
Oct 3 18:04:27 ns7test esmith::event[4716]: Added group testgroup
Oct 3 18:04:28 ns7test esmith::event[4716]: Added members to group testgroup
Oct 3 18:04:28 ns7test esmith::event[4716]: Action: /etc/e-smith/events/group-create/S40nethserver-dc-group-create SUCCESS [0.774969]
Oct 3 18:04:28 ns7test esmith::event[4716]: Action: /etc/e-smith/events/group-create/S90nethserver-sssd-clear-cache SUCCESS [0.071535]
Oct 3 18:04:28 ns7test esmith::event[4716]: Event: group-create SUCCESS
Oct 3 18:07:08 ns7test esmith::event[4875]: Event: user-create user2 Testuser 2 /bin/bash
Oct 3 18:07:08 ns7test esmith::event[4875]: User ‘user2’ created successfully
Oct 3 18:07:08 ns7test esmith::event[4875]: Action: /etc/e-smith/events/user-create/S40nethserver-dc-user-create SUCCESS [0.433983]
Oct 3 18:07:08 ns7test esmith::event[4875]: Action: /etc/e-smith/events/user-create/S90nethserver-sssd-clear-cache SUCCESS [0.091715]
Oct 3 18:07:08 ns7test esmith::event[4875]: Event: user-create SUCCESS
Oct 3 18:07:09 ns7test esmith::event[4901]: Event: group-modify testgroup@verylongnametestns7.lan user1 domain guests guest user2
Oct 3 18:07:10 ns7test esmith::event[4901]: Added members to group testgroup
Oct 3 18:07:10 ns7test esmith::event[4901]: Action: /etc/e-smith/events/group-modify/S40nethserver-dc-group-modify SUCCESS [0.793831]
Oct 3 18:07:10 ns7test esmith::event[4901]: Action: /etc/e-smith/events/group-modify/S90nethserver-sssd-clear-cache SUCCESS [0.077216]
Oct 3 18:07:10 ns7test esmith::event[4901]: Event: group-modify SUCCESS
Oct 3 18:07:10 ns7test esmith::event[4937]: Event: password-policy-update user2 yes
Oct 3 18:07:10 ns7test esmith::event[4937]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.108905]
Oct 3 18:07:10 ns7test esmith::event[4937]: Expiry for user ‘user2’ set to 180 days.
Oct 3 18:07:10 ns7test esmith::event[4937]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-dc-password-policy SUCCESS [0.512142]
Oct 3 18:07:10 ns7test esmith::event[4937]: Event: password-policy-update SUCCESS
Oct 3 18:07:11 ns7test esmith::event[4958]: Event: password-modify user2@verylongnametestns7.lan /tmp/ng-vtPLbK
Oct 3 18:07:11 ns7test esmith::event[4958]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.003443]
Oct 3 18:07:11 ns7test esmith::event[4958]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword user2
Oct 3 18:07:11 ns7test esmith::event[4958]: New Password:
Oct 3 18:07:11 ns7test esmith::event[4958]: Changed password OK
Oct 3 18:07:11 ns7test esmith::event[4958]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set SUCCESS [0.402442]
Oct 3 18:07:11 ns7test esmith::event[4958]: Enabled user ‘user2’
Oct 3 18:07:11 ns7test esmith::event[4958]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock SUCCESS [0.360428]
Oct 3 18:07:11 ns7test esmith::event[4958]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.0112]
Oct 3 18:07:11 ns7test esmith::event[4958]: Event: password-modify SUCCESS

Congratulations , I think you did it! :clap: :clap: :clap: :clap:

Should we test what happens if verylongname.verylongname.verylongname is given as domain? :stuck_out_tongue_winking_eye:

2 Likes

On this latest one, I´m getting permissions errors:

  • On the GUI
    Task completed with errors
    S20nethserver-ibays-set-permissions #2 (exit status 256)

On logs:
Oct 3 14:21:03 smart esmith::event[14141]: Action: /etc/e-smith/events/ibay-reset-permissions/S30nethserver-ibays-copy-permissions SUCCESS [0.04142]
Oct 3 14:21:03 smart esmith::event[14141]: Event: ibay-reset-permissions FAILED

1 Like

Isn’t this a limitation of NetBIOS? According to MS convention, a NetBIOS name consists of 16 characters. 15 for the name and the 16th is used as suffix. So this netbiosverylongnameforns7beta2 is not a valid netbiosname.
Since Samba4 is a copy of MS Active Directory, which in turn (still) uses NetBIOS protocol (over tcp/ip) My gut feeling tells me that you are bound to a max of 15 characters for your NetBIOS name.
https://support.microsoft.com/en-us/kb/188997