KDC not present in NS7B1

Support
1

Hi folks,

tried to get kerberos credentials from my NS7 with Network Identity Manager, but got message that there is no KDC available. “Domain Accounts” show that there is a KDC.

Isn’t the above KDC meant to give credentials to clients? I tried to ping the ip, but it is not reachable.
(If this is a silly question please for give me. I’m not experienced with this stuff :blush:)

Installation is a vm with one nic bridged to physical eth0, but that shouldn’t matter i think.

Thanks in advance.

1 Like
2

I think on the contrary it can be relevant, because if the VM has a bridged interface it cannot be reached by the host system (at on least my Linux/Fedora/KVM install). Could you ping it from another machine?

3

The ns7-vm has 192.168.0.235 and can be pinged from any machine in the network. The KDC is in a container i think. The 192.168.0.236 can be pinged from ns7-vm, but not from any other machine in network.

4

sorry, I forgot to mention, that this is a NS6/virtualbox install

5

It seems a VirtualBox issue…

6

o.k. I’ll install webvirtmgr and KVM and setup a new machine.
Will report if that helped.

Thanks so long Davide.

7

Ehi Ralf, how is it going with your tests?

8

hi @alefattorini , unfortunately i have troubles with setting up a nethserver-dc instance. I created a ns7 instance with webvirtmanager and updated it. everything worked perfectly. The installation of nethserv-dc-package itself worked also. But when i try to start the DC, the process stucks at “57% adjust-services”. Tried it serveral times. But always the same. :sob:

Pasted image948×244 33.1 KB

Could it be a problem of a container in a kvm-instance?

1 Like
9

I never had problems with containers on my VMs.

The screenshot above does not help. You can reset the nsdc state as documented here

http://docs.nethserver.org/projects/nethserver-devel/en/v7b/nethserver-dc.html#factory-reset

Are you allocating a free IP?

10

yes. I tried it with different ip.

11

hi @davidep and @alefattorini

sorry, but i give up!! Can’t figure out the problem. In the KVM-VM the DC-installation stucks at “57% adjusting services”. The KVM-VM is much slower than the Virtualboxmachine. I tried it three times and everytime the same. Also I had on both machines (kvm and vbox) the problem to create user. Only if I created the user without password and changed the password afterwards it worked. I think there is somewhere an issue with the authentication of users, because of the LDAP-server has the same ip as the KDC and both are not reachable from the Network, only from the CLI of the vm itself. It’s like the firewall drops traffic to nsdc, but that can’t be because of openfirewal settings and I disabled shorewall at all.
Thanks for listening to my problems and your try to help.

So long. Best regards Ralf

12

cc: @davidep, @giacomo, @alefattorini

I think I know where is the problem.

After you have installed the Samba AD package, is mandatory to reboot NS 7b1, before begin Samba AD configuration!

How I tested:

Test 1: twice on VirtualBox

  • Install NS 7b1 from scratch.
  • Install all the updates.
  • Add Samba AD package.
  • Reboot NS 7b1.
  • Begin the configuration of the Samba AD.
  • When the process was blocked at 57%, reboot from CLI.
  • After reboot, restart the configuration of the Samba AD.
  • You can create users with password from the beginning.

Test 2: once on VirtualBox and once on a dedicated server

  • Install NS 7b1 from scratch.
  • Install all the updates.
  • Add Samba AD package.
  • Begin the configuration of the NS 7b1.
  • Error at the end of the process (please see the screenshots; are common for the VM and for the dedicated server)
  • Error in “Domain accounts” menu.
  • Error in “Services” menu.
  • After reboot, the same errors in “Domain accounts” menu and in “Services” menu.

I cannot continue with tests on the dedicated server till I will not reinstall the NS 7b1 (but for this, I must to go at work and I’m in vacation).

Or, maybe there is a way to pass the errors. What do you think?

DC join error.PNG1280×800 106 KB

DC domain accounts.PNG1280×800 97.3 KB

DC_services.PNG1280×800 125 KB

13

Thanks for pointing this out, @GG_jr and @flatspin !

Could you attach (some excerpts from) your log files? It would help investigating the origin of the error!

Apart from /var/log/messages that shows how an event proceeds, here would help also the output of nsdc container journal:

journalctl -M nsdc
1 Like
14

I did many test installations and the boot isn’t really necessary.
Surely it can solve some kind of situation, but the dc must work out-of-the-box after the installation, and all your tests are very valuable to us in finding all the bugs! :wink:

I found only one issue on the DC: on a VM with a bridged interface, I can’t access the DC from other machines in the network. The same issue doesn’t apply on physical machine, so I would blame something in the network setup of my VMs.

2 Likes
15

thanks @giacomo this is exactly my problem. I’m working with a bridged interface on a virtualbox-vm. Did you find a workaround?

I still have the problem with epel repo. I have to disable mirrors and enable baseurl with vi editor after new install from iso. Otherwise update doesn’t work. Anyone else has this issue?

16

From dedicated server:

/var/log/messages: https://drive.google.com/open?id=0B1DQ23OY7TYkbzVYOXEzRDlpZ0k

journalctl -M nsdc: https://drive.google.com/open?id=0B1DQ23OY7TYka0VZM3lsbDV6UlU

If you need more log files, please tell me.

BR,
Gabriel

2 Likes
17

The “journalctl” link points to an “rpm -qa” output :slight_smile:

18

Sorry! Fixed!

19

I know that the reboot isn’t necessary.

After I’ve tried the two variants on VM, on dedicated server I did only Test 2 (without reboot) and look what has happened.

When I’ve tested Samba AD on NS 7a3, I didn’t have this issue.
( NethServer 7.2 alpha 3 - “First Blood” )

BR,
Gabriel

1 Like
20

No I didn’t, but also I haven’t try hard :slight_smile: But I will test it on a VMWare cluster later this week.