I started the install of the DC. It wanted me to specify a different address than what the system was running on. So I supplied 192.168.129.7 (currently on .14). Seems it is going to use a /24 subnet which will work for starters.
So it gets 62% done with the message adjust-services and hangs.
the last few messages from journalctl -f is:
Oct 09 18:47:10 klovia.htt-consult.com systemd[1]: Started DNS caching server…
Oct 09 18:47:10 klovia.htt-consult.com systemd[1]: Starting DNS caching server…
Oct 09 18:47:10 klovia.htt-consult.com dnsmasq[10475]: started, version 2.76 cachesize 4000
Oct 09 18:47:10 klovia.htt-consult.com dnsmasq[10475]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
Oct 09 18:47:10 klovia.htt-consult.com dnsmasq-tftp[10475]: TFTP root is /var/lib/tftpboot
Oct 09 18:47:10 klovia.htt-consult.com dnsmasq[10475]: using nameserver 50.253.254.2#53
Oct 09 18:47:10 klovia.htt-consult.com dnsmasq[10475]: read /etc/hosts - 2 addresses
Oct 09 18:47:10 klovia.htt-consult.com esmith::event[8963]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [3.58274]
So I check IP:
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
link/ether 02:c1:08:81:e2:d7 brd ff:ff:ff:ff:ff:ff
inet6 fe80::c1:8ff:fe81:e2d7/64 scope link
valid_lft forever preferred_lft forever
Task completed with errors
S96nethserver-dc-createldapservice #15 (exit status 256)
S95nethserver-dc-waitstart #23 (exit status 256)
S96nethserver-dc-createldapservice #24 (exit status 256)
S96nethserver-dc-join #25 (exit status 256)
S97nethserver-dc-password-policy #26 (exit status 256)
S98nethserver-dc-createadmins #28 (exit status 256)
Adjust service sssd #157 (exit status 1)
failed
Template /var/lib/machines/nsdc/etc/ntp.conf #131 (exit status 1)
expansion of /var/lib/machines/nsdc/etc/ntp.conf failed
Template /var/lib/machines/nsdc/etc/hosts #132 (exit status 1)
expansion of /var/lib/machines/nsdc/etc/hosts failed
Template /var/lib/machines/nsdc/etc/resolv.conf #133 (exit status 1)
expansion of /var/lib/machines/nsdc/etc/resolv.conf failed
Template /var/lib/machines/nsdc/etc/hostname #134 (exit status 1)
expansion of /var/lib/machines/nsdc/etc/hostname failed
Template /var/lib/machines/nsdc/etc/systemd/system/nsdc-run@.service #135 (exit status 1)
expansion of /var/lib/machines/nsdc/etc/systemd/system/nsdc-run@.service failed
Template /var/lib/machines/nsdc/etc/systemd/system/samba-provision.service #136 (exit status 1)
expansion of /var/lib/machines/nsdc/etc/systemd/system/samba-provision.service failed
Template /var/lib/machines/nsdc/etc/systemd/system/nsdc-run.socket #137 (exit status 1)
expansion of /var/lib/machines/nsdc/etc/systemd/system/nsdc-run.socket failed
Template /var/lib/machines/nsdc/etc/systemd/network/green.network #138 (exit status 1)
expansion of /var/lib/machines/nsdc/etc/systemd/network/green.network failed
Template /var/lib/machines/nsdc/etc/samba/smb.conf.include #139 (exit status 1)
expansion of /var/lib/machines/nsdc/etc/samba/smb.conf.include failed
Template /var/lib/machines/nsdc/srv/smb.ns6upgrade.conf #140 (exit status 1)
expansion of /var/lib/machines/nsdc/srv/smb.ns6upgrade.conf failed
Template /var/lib/machines/nsdc/srv/post-provision.sh #141 (exit status 1)
expansion of /var/lib/machines/nsdc/srv/post-provision.sh failed
and as I previously said the DC IP addr is 192.168.192.7
It is not too much of an issue to rebuild the image from scratch and start again tomorrow…
BTW, as I think of it, I would like the DNS name to be home.htt; something that is not usable at all externally. This is what I did with my ClearOS setup; I hope it will work here.
I took the liberty to change the subject, if you wish you can change back.
Looks like the installation of (the packages of) the container failed.
Key to indicate success of this part of the installation is line 1266 in my log:
Oct 09 16:54:44 rpi3p.havak.lan esmith::event[1567]: Complete!
Oct 09 16:54:44 rpi3p.havak.lan esmith::event[1567]: Created symlink from /etc/systemd/system/multi-user.target.wants/machines.target to /usr/lib/systemd/system/machines.target.
Oct 09 16:54:44 rpi3p.havak.lan systemd[1]: Reloading.
Sorry to ask:
Did you grow your rootfs before installing the AD. I think i should have mentioned it won’t fit on the partition of the currently shipped image. see README in /root to grow the rootfs.
Sorry I do not know. It may sould a bit strange: Having the nethserver-dc package dismissed for arm in the past, I am not very familiar with it.
Maybe others can chip in how to debug this.
Just can share my work flow:
configure network: set green interface to fixed IP (and make a record for it in the my local DNS server)
update
grow rootfs partition
reboot
install account provider
then install other modules, usually one at a time
to be accurate: between 1 and 2 provide a selfsigned-certificate trusted my local environment. This because firefox goes crazy if you have multiple exceptions for the same ip/hostname (which happens if you reinstall the same SBC over and over again)
A habit of me while testing/debugging is to reboot before installing the “test subject” and write hole journalctl of the event to a file. ( journalctl > my_event.log ).
There may be more sophisticated methods, it works for me…
BTW a log of the hole event should be logged in /var/log/messages which can also be viewed in the web-ui at Administration > Log viewer > /var/log/messages
I started from scratch with the base image. I expanded the rootfs partition while the drive was still connected to my notebook using gparted. I am lazy that way. Plus I like to look at what whatever arm image is doing partition-wise.
changed the root password
set the timezone to America/Detroit using timedatectl
Install zram
Connected to port 980 and went through the setup.
This time it did not ask me to change the root password, as I changed it from the serial console earlier.
It prompted me for the timezone, offering that current was DETROIT; I wonder what would have happened if the tz file has a city name in two regions? We had a discussion about setting time zones in both the Fedora user and Xfce lists. Gnome has moved past using the tz file, giving much better geo choices…
Then I was on the interface dialog and it recommended I change from a DHCP address. So this time I did. This is the important difference than before, where I kept the system on the dhcp address.
Note that when I changed the IP address, I lost my connection. I have been on devices where when I changed address, I was issued a redirect to the new address before the interface was bounced. Not the case here. You should have a warning here about reconnecting to the new address.
I then went to the install AD dialog. Set up domain dns as home.htt and Netbios as HOMEBASE and IP as on the same network as the static. This time the install worked.
Thank you for your persistence in testing and feedback!
Yes prompts whatever is set, during image build it is set to UTC.
I did thinker to try to set it at first boot using one of the services out there: curl https://ipapi.co/timezone && echo " is my timezone"
Allways good to have new eyes/thoughts and experiences! But is the yellow warning banner in the web-ui (something like, forgot the actual text) “green interface on dhcp” not good enough?
It does not say that some software installation will fail badly. In fact you could go the extra mile and have a flag for some software installs not to install if IP add is DHCP. I can think of at least one where it shouldn’t matter: SQL. But you can even go the distance that no software can be installed until static is set.
Thing is I can think of installations where DHCP is perfectly valid for the Green network.
You will get people like me that will try and push things because we always have and were there when DHCP was ‘invented’!
Now speaking about pushing things. I set up my AD DNS as home.htt, because I like my AD DNS to be really private, and Microsoft says I can.
Well, I can’t create and groups or users for this DNS. They are all for the server’s domain of htt-consult.com. I spent some time looking at what things I can configure, and I don’t see any way to work with groups or users for the AD domain. Perhaps it is not necessary? This will all be taken care of when a machine joins the domain?
I read through Users and groups — NethServer 7 Final
a number of times and other than a tip not to do this, it does not come out and say that things won’t work?
As said, I do know the nethserver-dc package very well. Encountered it doing some work on SOGo which binds to AD/LDAP.
Note you are referring to M$ documentation from 2009 applicable to M$server 2000-2003. AFAIK this are NT4.0 style PDC’s and we are in the era of the new style Active Directory.
Being Dutch -who are known for direct communication- I can agree documentation can be more compelling on some points. On the other hand: why dictate what you should do, advice you to choose a direction has it’s charm. And note with the e-smith configuration layer you can mold nethserver exactly to your like.
I reread all the M$ docs and I will go with something like home.htt-consult.com; afterall I would not want Donald upset with me by disobeying his recommendations in RFC 2606! BTW, is old DEC nickname is ‘The Beast’ as supposedly he could really get upset when someone did not do ‘what was obvious’! Lots of interesting people worked at DEC back then and gave us lots of important tech (fortunately not DECNET).
So now another install from start as it warns not to change your AD DNS name.
Perhaps when I am in EU (Prague) in March for IETF 104 and spend the weekends in Amsterdam, we can get together. I have enjoyed my times in the Netherlands. But you have to be fast changing trains in Utrecht. Nothing like that here in the US.
I updated my raspberry, removed ldap and installed AD, joined a Win 7 Client to the domain, logged in as Nethserver admin and it just worked.
Great work!
I have a Win7 system ready to test to join and then see if I can access stuff. Just need to know that the basics for the AD are right.
This is still a test setup, the 1TB drive came yesterday for the production system. I am also seriously thinking of doing this on a Cubieboard2 with only 1GB memory (only effective difference for this purpose to the Cubietruck with 2GB).
net ads info
LDAP server: 192.168.129.3
LDAP server name: nsdc-homebase.home.htt-consult.com
Realm: HOME.HTT-CONSULT.COM
Bind Path: dc=HOME,dc=HTT-CONSULT,dc=COM
LDAP port: 389
Server time: Fri, 12 Oct 2018 09:55:23 EDT
KDC server: 192.168.129.3
Server time offset: 0
Last machine account password change: Thu, 11 Oct 2018 13:57:43 EDT
krb5exec klist -s && echo -e "Join is OK\n"
Join is OK
krb5exec net ads search -k "(&(sAMAccountName=homebase$)(objectCategory=computer))" name sAMAccountName distinguishedName servicePrincipalName objectSid dNSHostName pwdLastSet lastLogon whenCreated whenChanged accountExpires
Got 1 replies
whenCreated: 20181011175742.0Z
name: HOMEBASE
objectSid: S-1-5-21-1008287891-906313758-842324507-1104
accountExpires: 9223372036854775807
sAMAccountName: HOMEBASE$
pwdLastSet: 131837542627102600
dNSHostName: homebase.htt-consult.com
servicePrincipalName: HOST/HOMEBASE
servicePrincipalName: HOST/homebase.htt-consult.com
whenChanged: 20181011175748.0Z
lastLogon: 131838259756358170
distinguishedName: CN=HOMEBASE,CN=Computers,DC=home,DC=htt-consult,DC=com