Network reconfiguration

hardware
network

(Mariana Migliato) #1

Good Morning,
I had a problem with one of my servers as it burned one of the offboard network cards. I did the exchange but lost the access to the interface.
I do not know where else to make the settings.
I changed the /etc/sysconfig/network-scripts/
And also changed within /var/lib/nethserver/db/networks.
However, I can not access the web interface.

Any suggestion?


(Marc) #2

I think the new network interface has been assigned a different device name.

You can try to bring the interface up and access the server-manager.
Another option (haven’t verified if this works but you can try):

# get name of new interface
ip a  # or ifconfig command
# get current config
db networks show
# set new interface as green
#  (replace eth0, IP address, netmask and network as per your requirements)
db networks set eth0 ethernet role green ipaddr 192.168.1.4 netmask 255.255.255.0 network 192.168.1.0 onboot yes bootproto static
# Apply settings
signal-event interface-update

The manual has some other options to reconfigure/reset the network interfaces.


(Mariana Migliato) #3

So I got back a web interface, since it is very slow and appeared in a message when access.
Generic account provider error: SSSD exit code 1

What to do?


(Marc) #4

If the replaced NIC was used for green and the server is using AD as account provider you might have to rebuild the bridge for it


(Mariana Migliato) #5

The problem is this, it was not me who made a question revealed. I’m assuming now, so I’m having to look for the problems. And since I’ve never worked with nethserver I’m missing configuration files.


(Marc) #6

OK. You can get some info on what’s installed/configured:

rpm -qa nethserver-\*
config show

…anonymize any private info.
/var/log/messages may provide more details on what is failing.

Do you know the NethServer or CentOS version?

Remember this is CentOS but uses templates for most config files. There are also some particularities, like a “containerized” Active Directory for instance.

http://docs.nethserver.org/en/latest/


(Mariana Migliato) #7

Yes I did, the services ok. My problem is being in tethering the settings, to get back to work.
I do not know exactly what to do.
First, on the issue of web interface slowness.
According to the error, probably because of the NIC exchange, however as it is very slow I can not touch practically anything, I did everything in hand to get access again web. Even more insecure because of the mechanism that for me is still unknown.
I worked a lot of time with Zentyal, and I’m a little surprised by NethServer.

The nethserver version is NethServer 7.


(Marc) #8

Both errors could be related: the first one indicates an error in the account provider (it could be AD {nethserver-dc} or OpenLDAP {nethserver-directory}, my guess is it’s more likely to be an AD problem); the slowness could be a side-effect of the first one.

Can you provide us the outcome of the following commands, so we get to know a bit more of the server setup?

rpm -qa nethserver-\*
db networks show
config show sssd
config show nsdc
/usr/libexec/nethserver/list-users
tail -n50 /var/log/messages

(Mariana Migliato) #9

Of course,

[root@xpserver ~]# rpm -qa nethserver-*
nethserver-rh-php56-php-fpm-1.0.0-1.ns7.noarch
nethserver-hosts-1.2.1-1.ns7.noarch
nethserver-pulledpork-2.1.1-1.ns7.noarch
nethserver-dc-1.3.2-1.ns7.x86_64
nethserver-duc-1.4.3-1.ns7.noarch
nethserver-lightsquid-1.1.2-1.ns7.noarch
nethserver-backup-data-1.3.2-1.ns7.noarch
nethserver-ibays-3.1.1-1.ns7.noarch
nethserver-base-3.1.1-1.ns7.noarch
nethserver-dnsmasq-1.6.5-1.ns7.noarch
nethserver-openssh-1.2.1-1.ns7.noarch
nethserver-nethforge-release-7-0.3.ns7.noarch
nethserver-evebox-1.0.0-1.ns7.noarch
nethserver-yum-1.4.1-1.ns7.noarch
nethserver-php-1.2.0-1.ns7.noarch
nethserver-smartd-1.1.0-1.ns7.noarch
nethserver-ntopng-2.0.1-1.ns7.noarch
nethserver-lang-en-1.2.3-1.ns7.noarch
nethserver-release-7-5.ns7.noarch
nethserver-lang-pt-1.2.3-1.ns7.noarch
nethserver-squid-1.7.0-1.ns7.noarch
nethserver-c-icap-1.1.0-1.ns7.noarch
nethserver-squidclamav-3.0.0-1.ns7.noarch
nethserver-samba-2.0.10-1.ns7.noarch
nethserver-backup-config-2.0.3-1.ns7.noarch
nethserver-ntp-1.1.3-1.ns7.noarch
nethserver-httpd-3.1.4-1.ns7.noarch
nethserver-letsencrypt-1.1.4-1.ns7.noarch
nethserver-lib-2.2.6-1.ns7.noarch
nethserver-sssd-1.3.3-1.ns7.noarch
nethserver-antivirus-1.2.1-1.ns7.noarch
nethserver-firewall-base-ui-3.2.9-1.ns7.noarch
nethserver-mysql-1.1.3-1.ns7.noarch
nethserver-lsm-1.2.3-1.ns7.noarch
nethserver-net-snmp-1.1.0-1.ns7.noarch
nethserver-restore-data-1.2.3-1.ns7.noarch
nethserver-firewall-base-3.2.9-1.ns7.noarch
nethserver-phonehome-1.2.1-1.ns7.noarch
nethserver-mail-smarthost-1.0.0-1.ns7.noarch
nethserver-squidguard-1.7.4-1.ns7.noarch
nethserver-suricata-1.1.1-1.ns7.noarch
nethserver-httpd-admin-2.0.14-1.ns7.noarch

[root@xpserver ~]# db networks show
br0=bridge
bootproto=none
gateway=192.168.0.200
ipaddr=192.168.0.13
netmask=255.255.255.0
role=green
enp0s20u1=ethernet
FwInBandwidth=
FwOutBandwidth=
role=
enp2s0=ethernet
FwInBandwidth=
FwOutBandwidth=
bootproto=none
bridge=br0
role=bridged

Probably the problem is here, but I’m not sure exactly what file to modify this setting
[root@xpserver ~]# config show sssd
sssd=service
AdDns=192.168.2.2
LdapURI=
Provider=ad
Realm=AD.ABPOL.NET
Workgroup=ABPOL
status=enabled

[root@xpserver ~]# config show nsdc
nsdc=service
IpAddress=192.168.2.2
ProvisionType=newdomain
bridge=br0
status=enabled

[root@xpserver ~]# tail -n50 /var/log/messages
Mar 27 17:01:31 xpserver kill: -l, --list [=] list signal names, or convert one to a name
Mar 27 17:01:31 xpserver kill: -L, --table list signal names and numbers
Mar 27 17:01:31 xpserver kill: -h, --help display this help and exit
Mar 27 17:01:31 xpserver kill: -V, --version output version information and exit
Mar 27 17:01:31 xpserver kill: For more details see kill(1).
Mar 27 17:01:31 xpserver systemd: zabbix-agent.service: control process exited, code=exited status=1
Mar 27 17:01:31 xpserver systemd: Unit zabbix-agent.service entered failed state.
Mar 27 17:01:31 xpserver systemd: zabbix-agent.service failed.
Mar 27 17:01:41 xpserver systemd: zabbix-agent.service holdoff time over, scheduling restart.
Mar 27 17:01:41 xpserver systemd: Starting Zabbix Agent…
Mar 27 17:01:41 xpserver systemd: zabbix-agent.service: Supervising process 9201 which is not our child. We’ll most likely not notice when it exits.
Mar 27 17:01:41 xpserver systemd: Started Zabbix Agent.
Mar 27 17:01:41 xpserver systemd: zabbix-agent.service: main process exited, code=exited, status=1/FAILURE
Mar 27 17:01:41 xpserver kill: Usage:
Mar 27 17:01:41 xpserver kill: kill [options] <pid|name> […]
Mar 27 17:01:41 xpserver kill: Options:
Mar 27 17:01:41 xpserver kill: -a, --all do not restrict the name-to-pid conversion to processes
Mar 27 17:01:41 xpserver kill: with the same uid as the present process
Mar 27 17:01:41 xpserver kill: -s, --signal send specified signal
Mar 27 17:01:41 xpserver kill: -q, --queue use sigqueue(2) rather than kill(2)
Mar 27 17:01:41 xpserver kill: -p, --pid print pids without signaling them
Mar 27 17:01:41 xpserver kill: -l, --list [=] list signal names, or convert one to a name
Mar 27 17:01:41 xpserver kill: -L, --table list signal names and numbers
Mar 27 17:01:41 xpserver kill: -h, --help display this help and exit
Mar 27 17:01:41 xpserver kill: -V, --version output version information and exit
Mar 27 17:01:41 xpserver kill: For more details see kill(1).
Mar 27 17:01:41 xpserver systemd: zabbix-agent.service: control process exited, code=exited status=1
Mar 27 17:01:41 xpserver systemd: Unit zabbix-agent.service entered failed state.
Mar 27 17:01:41 xpserver systemd: zabbix-agent.service failed.
Mar 27 17:01:52 xpserver systemd: zabbix-agent.service holdoff time over, scheduling restart.
Mar 27 17:01:52 xpserver systemd: Starting Zabbix Agent…
Mar 27 17:01:52 xpserver systemd: zabbix-agent.service: Supervising process 9209 which is not our child. We’ll most likely not notice when it exits.
Mar 27 17:01:52 xpserver systemd: Started Zabbix Agent.
Mar 27 17:01:52 xpserver systemd: zabbix-agent.service: main process exited, code=exited, status=1/FAILURE
Mar 27 17:01:52 xpserver kill: Usage:
Mar 27 17:01:52 xpserver kill: kill [options] <pid|name> […]
Mar 27 17:01:52 xpserver kill: Options:
Mar 27 17:01:52 xpserver kill: -a, --all do not restrict the name-to-pid conversion to processes
Mar 27 17:01:52 xpserver kill: with the same uid as the present process
Mar 27 17:01:52 xpserver kill: -s, --signal send specified signal
Mar 27 17:01:52 xpserver kill: -q, --queue use sigqueue(2) rather than kill(2)
Mar 27 17:01:52 xpserver kill: -p, --pid print pids without signaling them
Mar 27 17:01:52 xpserver kill: -l, --list [=] list signal names, or convert one to a name
Mar 27 17:01:52 xpserver systemd: zabbix-agent.service: control process exited, code=exited status=1
Mar 27 17:01:52 xpserver kill: -L, --table list signal names and numbers
Mar 27 17:01:52 xpserver kill: -h, --help display this help and exit
Mar 27 17:01:52 xpserver kill: -V, --version output version information and exit
Mar 27 17:01:52 xpserver kill: For more details see kill(1).
Mar 27 17:01:52 xpserver systemd: Unit zabbix-agent.service entered failed state.
Mar 27 17:01:52 xpserver systemd: zabbix-agent.service failed.


(Marc) #10

It seems the server has a local Samba Active Directory DC (nethserver-dc) configured. If that's the case, the IP address of nsdc should be on the same network range as the green interface.

I think the previous setup could have been:

  • gateway/router: 192.168.0.200
  • NethServer red interface: 192.168.0.x (currently, no RED interface appears to be configured)
  • NethServer green interface: 192.18.2.1
  • AD/DC container IP (nsdc): 192.168.2.2
  • LAN clients: 192.168.2.1/24

Can you share how the server is connected within the network? Whether the server is/was using one or more interfaces?

Is it LAN -> Server -> Router -> Internet
or…

LAN clients---
             |---> Switch -> Router -> Internet
Server--------

or something else?
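
Added example, not part of the original thread: a shell check of the rule stated in post #10, that the nsdc IP should be on the same network range as the green interface. The sample input is constructed from the db networks show and config show nsdc output quoted in post #9; the function names and the list of record types are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): is the nsdc container IP inside the green network?
# Sample input below is constructed from the command output quoted in this thread.
NETWORKS_SAMPLE='br0=bridge
bootproto=none
gateway=192.168.0.200
ipaddr=192.168.0.13
netmask=255.255.255.0
role=green
enp2s0=ethernet
bootproto=none
bridge=br0
role=bridged'
NSDC_SAMPLE='nsdc=service
IpAddress=192.168.2.2
bridge=br0
status=enabled'

# Print "ipaddr netmask" of the record whose role is green.
# Assumption: a record starts at a "name=type" line with one of these types.
green_net() {
  awk -F= '
    function emit() { if (role == "green" && ip != "" && mask != "") print ip, mask
                      ip = mask = role = "" }
    { gsub(/^[ \t]+/, "", $1) }
    $2 ~ /^(ethernet|bridge|bond|vlan|alias)$/ { emit(); next }
    $1 == "ipaddr"  { ip = $2 }
    $1 == "netmask" { mask = $2 }
    $1 == "role"    { role = $2 }
    END { emit() }'
}
nsdc_ip() { awk -F= '{ gsub(/^[ \t]+/, "", $1) } $1 == "IpAddress" { print $2 }'; }

ip2int() {  # dotted quad -> 32-bit integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
same_subnet() {  # same_subnet IP_A IP_B NETMASK
  m=$(ip2int "$3")
  [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# check_nsdc "<db networks show output>" "<config show nsdc output>"
# Returns 0 = same network, 1 = mismatch, 2 = an address could not be found.
check_nsdc() {
  green=$(printf '%s\n' "$1" | green_net); dc=$(printf '%s\n' "$2" | nsdc_ip)
  [ -n "$green" ] && [ -n "$dc" ] || { echo "UNKNOWN: address missing"; return 2; }
  set -- $green
  if same_subnet "$1" "$dc" "$2"; then echo "OK: nsdc $dc is inside green $1/$2"
  else echo "MISMATCH: nsdc $dc is outside green $1/$2"; return 1; fi
}
# On the server: check_nsdc "$(db networks show)" "$(config show nsdc)"
check_nsdc "$NETWORKS_SAMPLE" "$NSDC_SAMPLE" || true
```

With the values quoted in post #9 the check reports a mismatch, which matches the SSSD account provider error discussed in the thread.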


(Mariana Migliato) #11

Actually no, it was actually configured in the 192.168.2.0 range, but as I had the problem with the card, I do not know why I could not access the web interface, so I had to try reconfiguration in the lab. So I manually set up the network so that I could at least re-access the interface, then re-set the network configuration according to the documentation.
Deleting the interface and configuring it from scratch.
Today my scenario is:

LAN clients---
             |---> Switch -> Router -> Internet
Server--------

So in fact I need to fix the following, the IP IP issue, to see if to stop giving the error in the interface here in my lab environment, then go to the company and there connect the WAN interface, do the interface configuration, configure lan to set the 192.168.2.0/24 range, enable dhcp for this interface, and return the ad to the 192.168.2.2 network.


(Marc) #12

Here is How to change IP address of DC

I see the server has IPS, webproxy and content filter, firewall… Changing the DC IP address wouldn’t be my first option but I’m not proficient in networking or AD. @m.traeumner @mrmarkuz, if you have any advice on the safest way to proceed chime in.


(Markus Neuberger) #13

The sssd error occurs because of the wrong nsdc ip so I’d try the change IP way. Uninstall/reinstall may work too but it’s more effort.


(Mariana Migliato) #14

Right and what procedure do you recommend in this case?


(Markus Neuberger) #15

I’d recommend the method described in the docs, @dnutan posted the link already.

signal-event nethserver-dc-change-ip 192.168.2.2

Having a backup is always good.


(Marc) #16

I’d try to recreate/mimic on the lab/sub-lab the same network structure, making minimal changes to the original server (as little as possible), if the environment allows it.

To change the DC ip on your lab it would be:

signal-event nethserver-dc-change-ip 192.168.0.2

tweaking the IP address to your needs. At the company, it would be like in the example posted by @mrmarkuz