Bug 30131 – Post-Installation of Samba4 in UCS@School headquarters: samba4/provision/primary=yes undocumented

Bug 30131 - Post-Installation of Samba4 in UCS@School headquarters: samba4/provision/primary=yes undocumented


Summary:	Post-Installation of Samba4 in UCS@School headquarters: samba4/provision/prim...

Status:	CLOSED DUPLICATE of bug 43478

Product:	UCS@school
Classification:	Unclassified
Component:	Documentation
Version:	UCS@school 4.1
Hardware:	Other Linux

Importance:	P1 normal with 1 vote (vote)
Target Milestone:	UCS@school 4.1 R2 vXXX
Assigned To:	Arvid Requate
QA Contact:	Sönke Schwardt-Krummrich

URL:
Keywords:

Duplicates:	34643 40432 (view as bug list)
Depends on:
Blocks:	44228
	Show dependency tree / graph

Reported:	2013-01-23 15:31 CET by Arvid Requate
Modified:	2023-06-12 15:39 CEST (History)
CC List:	4 users (show)

See Also:	43478
What kind of report is it?:	Bug Report
What type of bug is this?:	1: Cosmetic issue or missing function but workaround exists
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	1: Nuisance – not a big deal but noticeable
User Pain:	0.011
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Flags:	best: Patch_Available+

Attachments
improve_s4_connector_detection.diff (5.47 KB, patch) 2016-12-08 20:29 CET, Arvid Requate	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2013-01-23 15:31:03 CET

Falls Samba4 in einer UCS@School Umgebung nur auf Schul-DCs installiert wurde und später dann auf dem Master nachinstalliert werden soll, sind zuätzliche UCR-Variablen zu setzen, bevor die Paket installiert und gejoined werden:

ucr set samba4/provision/primary=yes \
        connector/s4/allow/secondary=yes
univention-install univention-s4-connector
univention-run-join-scripts --ask-pass

Aktuell scheint das nicht gut dokumentiert zu sein.

Comment 1 Arvid Requate

2013-01-23 15:35:38 CET

Again in English:

If Samba4 was installed only on UCS@School Slave DCs and at some point later it shall also be installed on the DC Master in the headquarters, some UCR variables need to be set first before installing the packages and running the joinscripts:

ucr set samba4/provision/primary=yes \
        connector/s4/allow/secondary=yes
univention-install univention-s4-connector
univention-run-join-scripts --ask-pass

Currently documentation about this seems to be a bit too scarce.

Comment 2 Arvid Requate

2013-01-23 16:41:20 CET

Actually the --ask-pass is not required in this case.

Comment 3 Arvid Requate

2016-01-26 20:45:16 CET

*** Bug 34643 has been marked as a duplicate of this bug. ***

Comment 4 Arvid Requate

2016-01-26 20:45:22 CET

*** Bug 40432 has been marked as a duplicate of this bug. ***

Comment 5 Sönke Schwardt-Krummrich

2016-06-09 15:04:26 CEST

I think it's not critical. The join script will fail, if the UCR variables are not set correctly.

Comment 6 Arvid Requate

2016-09-26 13:56:11 CEST

Info: Bug 40432 says:

> Otherwise the univention-samba4 joinscript will attempt to join into a school (AFAIR).
> 
> See Bug 31936 Comment 2. If we don't fix it along with Bug 31936 then this needs to be documented properly.

Comment 7 Arvid Requate

2016-09-28 15:07:00 CEST

As discussed I checked this again: It's not critical and enough to document it.

Details:
============================================================================
root@master60:~# univention-install univention-s4-connector
[...]
root@master60:~# univention-check-join-status 
Warning: 'univention-samba4' is not configured.
Warning: 'univention-samba4-dns' is not configured.
Error: Not all install files configured: 2 missing
root@master60:~# univention-run-join-scripts
[...]
Running 92univention-management-console-web-server.inst    skipped (already executed)
Running 96univention-samba4.inst                           failed (exitcode: 1)
Running 97univention-s4-connector.inst                     skipped (already executed)
Running 98univention-pkgdb-tools.inst                      skipped (already executed)
Running 98univention-samba4-dns.inst                       failed (exitcode: 1)

root@master60:~# univention-run-join-scripts --ask-pass
[...]
Running 96univention-samba4.inst                           failed (exitcode: 1)
Running 97univention-s4-connector.inst                     skipped (already executed)
Running 98univention-pkgdb-tools.inst                      skipped (already executed)
Running 98univention-samba4-dns.inst                       failed (exitcode: 1)
============================================================================


join.log shows the reason:
============================================================================
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -  <00002071: ldb_request: Entry already exists (68)> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 628, in run
    keep_existing=keep_existing)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1177, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1080, in do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 543, in join_add_objects
    ctx.samdb.add(rec)
checking sAMAccountName
Adding CN=MASTER60,OU=Domain Controllers,DC=ar41i2,DC=local
Join failed - cleaning up
============================================================================

And this is because the UCS@school Slave PDC has the univention_samaccountname_ldap_check LDB module active.

Comment 8 Arvid Requate

2016-12-08 20:29:21 CET

Created attachment 8298 [details]
improve_s4_connector_detection.diff

Since I just had this again I've written a patch that should improve the detection of the S4-Connector, so that it "just works" and manual setting of the UCR variable is not required. This is a) good for UCS@school and b) simplifies the code a bit in both, the samba4 and the s4connector join scripts.

Comment 9 Sönke Schwardt-Krummrich

2017-02-23 16:29:53 CET

Bug 43478 has been tagged for UCS 4.1-4-errata and will fix this.

Comment 10 Florian Best

2017-06-28 13:02:20 CEST

(In reply to Sönke Schwardt-Krummrich from comment #9)
> Bug 43478 has been tagged for UCS 4.1-4-errata and will fix this.
Did this happen?

Comment 11 Arvid Requate

2017-06-28 18:07:13 CEST


*** This bug has been marked as a duplicate of bug 43478 ***