More problems with SME - Nethserver migration

NethServer Version: 7.6.1810

I’ve been trying another SME 9.2 > Nethserver migration. This time using rsync. This one is purely experimental, but I need to be able to get it working, since I have a couple of SME systems that I will have to migrate this way.

Since I also have a couple which will need authenticated file share access, I decided to try this one using a locally installed AD. Did that, assigned an IP of 192.168.1.251 (the primary server IP is 192.168.1.250). I then used rsync-migrate to move the data from an existing SME 9.2 setup. Everything seemed to go correctly - when I log into the web interface on the new Nethserver machine, the users are in place. I had to set up the red and green interfaces, but that has given me a serious problem. The green interface is now showing a br0, while the red interface is set as 10.1.0.250 (the experimental server is running as a subnet off an existing network).

I set the red interface as below:

    DEVICE=enp0s25
    BOOTPROTO=none
    GATEWAY=10.1.0.254
    IPADDR=10.1.0.250
    NETMASK=255.255.255.255
    NM_CONTROLLED=no
    ONBOOT=yes
    TYPE=ethernet
    USERCTL=no

I then attempted to set br0 to use 10.1.0.254 as gateway. When I submit that request, I get the following error:

    Task completed with errors
    S70network-start #13 (exit status 256)

I must be missing something, but so far, I’ve not worked out what. I’ve also yet to locate the script that is reporting the error. Any pointers would be useful…

Having a br0 green interface is normal after configuration of a local account provider based on AD-compatible controller: it replaces your physical green interface and uses it to create a bridge (hence the br in the name of the interface).

Still, I don’t understand what you are trying to achieve or what the problem is, since trying to assign to an interface a default gateway outside the network already assigned to it is impossible (you are trying to assign 10.1.0.254 as gateway on an interface configured as 192.168.1.0/24). If the server has a Red and a green interface, it will by default use the green interface only for its network (in your case, 192.168.1.0/24), the Red in all other cases and it will behave like a router with NAT masquerading enabled.

If you need to serve SMB shares on the 10.1.0.0 network you should configure at least some port forwarding.
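Added example, not part of the thread and not NethServer code: the rule stated in the reply above (a gateway must lie inside the network assigned to the interface) checked against the red-interface values exactly as posted. The `br0` block is constructed from the addresses mentioned in the thread (192.168.1.250 on 192.168.1.0/24), and the function names are hypothetical.

```python
import ipaddress

# Red interface values exactly as posted in the thread.
RED_AS_POSTED = """\
DEVICE=enp0s25
BOOTPROTO=none
GATEWAY=10.1.0.254
IPADDR=10.1.0.250
NETMASK=255.255.255.255
"""

# Constructed sample: the thread gives only the green IP and the /24 subnet.
GREEN_BR0 = """\
DEVICE=br0
IPADDR=192.168.1.250
NETMASK=255.255.255.0
"""

def parse_ifcfg(text):
    """Parse KEY=VALUE lines of an ifcfg-style file into a dict."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip().strip("\"'")
    return cfg

def interface_network(cfg):
    """Network implied by IPADDR and NETMASK."""
    return ipaddress.ip_interface(f"{cfg['IPADDR']}/{cfg['NETMASK']}").network

def gateway_on_link(cfg, gateway=None):
    """True if the gateway is inside the interface's own network.
    Returns None when there is no gateway to check."""
    gw = gateway or cfg.get("GATEWAY")
    if gw is None:
        return None
    return ipaddress.ip_address(gw) in interface_network(cfg)

if __name__ == "__main__":
    red, green = parse_ifcfg(RED_AS_POSTED), parse_ifcfg(GREEN_BR0)
    print("red  ", interface_network(red), gateway_on_link(red))
    print("green", interface_network(green), gateway_on_link(green, "10.1.0.254"))
```
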

Sorry - can’t have explained clearly enough…

I only attempted to configure a gateway because when I completed the migration, the server could not see the internet at all. The only green interface I have is the bridge created when I configured the local AD. But after that, neither the server nor any client logging into the server can access the internet. So I’m a bit lost - for a non-bridge interface, I would assign the red interface IP as its gateway, allowing access to the internet from the server and other devices connecting to it.

In this instance, while configuring the server, it was using the 192.168.1.x subnet for green. The bridge was configured on that subnet. That step was done with the new server connected to the old SME server. That machine had the 10.1.0.x subnet on the internet side and the 192.168.1.x subnet on the internal (green) interface. When the migration was complete, I removed the SME machine from the network, and plugged the internet side (10.1.0.x) into the Nethserver’s second NIC. At that point, I lost internet access.

I must be missing something here…

This is normal behavior since you installed Samba4 AD account provider. Because there are no Samba4 packages with Heimdal Kerberos available for CentOS7 from standard repositories, we had to be creative with this. As a solution there is a simple linux container with Samba4 AD/Heimdal Kerberos support to act as AD Domain Controller. In order to make this work the Linux container must be available with a bridged interface having an unused IP in the same subnet as the GREEN interface.
If you need to access another network (other subnet or the internet) you need a 2nd interface configured as a RED interface on another subnet. If you configure your RED interface correctly you will have access to the other network or internet.

What did you set as default gateway on the RED interface? This should be the internal IP address of your Modem/Router to be able to access the internet. (and the IP address of the RED interface must be on the same subnet as the internal IP of the Modem/Router)

Do NOT set br0 as gateway! br0 MUST be on the GREEN interface (and subnet)

I’m obviously not making myself clear. I’m aware of how the br0 interface works. I had it set as green during installation and migration from the SME machine. When that completed (without any apparent errors), I configured the other ethernet interface as red, using 10.1.0.250 as its IP, and configured the gateway field for it to point to 10.1.0.254, which is the internet gateway for the network. Fine so far.

However, there is NO communication between red and green interfaces. If I connect a laptop on the green side, I can connect to the server, run the web interface, SSH into the machine without problems. DHCP and local DNS are working. I cannot ping anything on the internet, either by name or IP. If I log into the server console, I can see other devices on the green side, but I cannot resolve any internet addresses, either by name or IP. All I get is “network is unreachable”.

The ethernet port used for the red interface is working fine (checked by booting from SystemrescueCD), which was able to connect to the internet without problems. So it’s not a hardware problem…

When configuring a Nethserver using LDAP instead of AD, I have configured the green interface to use the IP of the red interface as its gateway. Works fine. But does not work with the bridged interface used when the AD is configured.

So I’m still missing something - there is no NAT, no connection of any sort between the red and green sides of the network.

@paul_marwick sorry but… I got stuck.
Would you please detail:
- SME Server network setup
- NethServer network setup

Network interfaces (all of them), and IP addresses.
Also, if possible/available, the setup of the router in front of both setups, for Internet.