Univention Bugzilla – Bug 34223
Samba4 @school test: DC locator
Last modified: 2019-02-05 21:43:25 CET
In UCS@School Samba4 the Windows clients need to choose the domain controller that is appropriate for the school they are located at (and configured for). Several mechanisms are used for this, DNS beeing the most important. IMHO it would be good to implement a simple test case, which uses the "net lookup dsgetdcname" (or the python-samba API of it) to check if the DC locator finds the right DC. This is just a simulation of the methods used by a native Windows client, but it's the first order approach to this topic. * On the DC Master the DC locator should find the master. * On a school slave the DC locator must only pick the local slave. * On a DC Backup the DC locator should either pick the backup or the master (possibly in alternating order?).
r53259: * Bug #34223: 90_ucsschool/93_samba4_check_dc_selection: test the DC Locator (DNS).
Ok, the test works, but I didn't properly state the criteria: 1. School DCs (with Samba 4) must only find Samba4 DCs that are located at the same school (below the same school OU. 2. School DCs (with Samba 4) not located in the central school department (i.e. below a OU) must only find Samba 4 DCs that are also in the central school department. It would be best to make use of the methods provided by ucsschool.lib.schoolldap as much as possible to identify the school and the DCs. I guess it's ok for UCS@school to search for School DCs (with Samba 4) only and not for Samba 4 DCs in general.
(In reply to Arvid Requate from comment #2) > 1. School DCs (with Samba 4) must only find Samba4 DCs that are located at > the same school (below the same school OU. Ok, if I understand correctly, than it's the case there are several DC-Slaves are located at one School. But than the question - do we have a respective template for Jenkins job? > 2. School DCs (with Samba 4) not located in the central school department > (i.e. below a OU) must only find Samba 4 DCs that are also in the central > school department. Bit confusing, if 'not located' than won't it be the counter case for the '1st case?
r54239: * Bug #34223: 90_ucsschool/essential/test_samba4.py: added methods to start/stop services; detect if current DC is in a school branch site; perform udm list. 90_ucsschool/93_samba4_check_dc_selection: major change in logic - a DC from the same site (e.g. branch/central site) can be detected; new test case with 'samba-ad-dc' turned off.
The test script "91_samba4_gpc_two_way_replication" produced a traceback in the last Jenkins run in a single server environment: http://jenkins.knut.univention.de:8080/job/UCSschool%204.0/job/UCSschool%204.0%20Singleserver/11/SambaVersion=s4/testReport/90_ucsschool/91_samba4_gpc_two_way_replication/test/ Current server role is DC-Master, trying to find a DC-Slave in the domain for the test ### FAIL ### Could not find at least one IP address of the DC-Slave in the output of the udm list command ### ### Maybe it is needed to check if the script is running on a single server or multi server environment, as there is no DC-Slave by default on a single server environment, and it is created manually when needed.
(In reply to Ammar Najjar from comment #5) Wrong Bug -> this one is 90_ucsschool/93_samba4_check_dc_selection
(In reply to Dmitry Galkin from comment #6) > (In reply to Ammar Najjar from comment #5) > > Wrong Bug -> this one is 90_ucsschool/93_samba4_check_dc_selection Ah Sorry, I tracked the latest commit message which mentions this bug, please ignore comment 5.
The test script "90_ucsschool.93_samba4_check_dc_selection" failed in the last Jenkins run in a single server environment: http://jenkins.knut.univention.de:8080/job/UCSschool%204.0/job/UCSschool%204.0%20Singleserver/13/SambaVersion=s4/testReport/90_ucsschool/93_samba4_check_dc_selection/test/ . . Executing command: ('service', 'samba-ad-dc', 'start') Starting Samba AD DC daemon: samba. Checking if a right DC was located, correct options are: ['master201.autotest201.local'] The following message occured during 'net ads lookup' command execution, STDERR: ads_connect: No logon servers ads_connect: No logon servers Didn't find the cldap server! The 'Domain Controller:' line was not found in the output from 'net ads lookup', i.e. no Domain Controllers were located. ### FAIL ### No DCs were located while there is at least one correct option exists. ### ###
on a single master s4-with-slave it fails with a different message: . . Forcing the 'samba-ad-dc' service start to ensure it runs: Executing command: ('service', 'samba-ad-dc', 'start') Starting Samba AD DC daemon: samba. Checking if a right DC was located, correct options are: ['slave202.autotest201.local'] ### FAIL ### None of the correct DC options were found among the located DC: Information for Domain Controller: 10.210.2.164 Domain Controller: master201.autotest201.local ### ###
(In reply to Ammar Najjar from comment #8) > The test script "90_ucsschool.93_samba4_check_dc_selection" failed in the > last Jenkins run in a single server environment: > http://jenkins.knut.univention.de:8080/job/UCSschool%204.0/job/UCSschool%204. > 0%20Singleserver/13/SambaVersion=s4/testReport/90_ucsschool/ > 93_samba4_check_dc_selection/test/ > Executing command: ('service', 'samba-ad-dc', 'start') > Starting Samba AD DC daemon: samba. > > Checking if a right DC was located, correct options are: > ['master201.autotest201.local'] > > The following message occured during 'net ads lookup' command execution, > STDERR: > ads_connect: No logon servers > ads_connect: No logon servers > Didn't find the cldap server! > The 'Domain Controller:' line was not found in the output from 'net ads > lookup', i.e. no Domain Controllers were located. > ### FAIL ### > No DCs were located while there is at least one correct option exists. > ### ### The test has the following logic of discovering the Domain Controller: for DC-Slave -> itself or other DC-Slave within the same branch; for DC-Backup -> itself or DC-Master in a central department; for DC-Master -> itself or DC-Backup in a central department; and it will fail as long as 'net ads lookup' delivers something that is not in the list of "correct options", please see the code for more details. In some setups, like http://jenkins.knut.univention.de:8080/job/UCSschool%203.2R2%20Multiserver/114/SambaVersion=s4-school-only-with-slave/testReport/90_ucsschool/93_samba4_check_dc_selection/test/ we may observe that the test passes, as correct DCs are detected. I don't see the problem with the test itself.
Ok, the test looks good. Since it indicates some flaky behaviour with repect to Samba I created a UCS@school bug to check if something can/needs to be improved in the product.
I've re-enabled the test case and now disabled it again: r72192 + r72202. The problem seems to be that the DCs for the branch are not recognized correctly: [2016-09-01 20:45:07.405156] create_and_run_process(('udm', 'computers/domaincontroller_slave', 'list', '--filter', 'service=Samba 4'), shell=False) [2016-09-01 20:45:07.741610] [2016-09-01 20:45:07.741644] create_and_run_process(('sed', '-n', 's/^ fqdn: //p'), shell=False) [2016-09-01 20:45:07.745102] [2016-09-01 20:45:07.745120] The following DCs are located in the current School branch site: [2016-09-01 20:45:07.745131] slave2031.autotest203.local [2016-09-01 20:45:07.745141] slave2032.autotest203.local [2016-09-01 20:45:07.745148] slave2033.autotest203.local http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204.1%20(R2)%20Multiserver/225/SambaVersion=s4-with-administration/testReport/90_ucsschool/93_samba4_check_dc_selection/test/
(In reply to Stefan Gohmann from comment #12) > I've re-enabled the test case and now disabled it again: r72192 + r72202. > > The problem seems to be that the DCs for the branch are not recognized > correctly: > > [2016-09-01 20:45:07.405156] create_and_run_process(('udm', > 'computers/domaincontroller_slave', 'list', '--filter', 'service=Samba 4'), > shell=False) > [2016-09-01 20:45:07.741610] > [2016-09-01 20:45:07.741644] create_and_run_process(('sed', '-n', 's/^ > fqdn: //p'), shell=False) > [2016-09-01 20:45:07.745102] > [2016-09-01 20:45:07.745120] The following DCs are located in the current > School branch site: > [2016-09-01 20:45:07.745131] slave2031.autotest203.local > [2016-09-01 20:45:07.745141] slave2032.autotest203.local > [2016-09-01 20:45:07.745148] slave2033.autotest203.local > > http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204. > 1%20(R2)%20Multiserver/225/SambaVersion=s4-with-administration/testReport/ > 90_ucsschool/93_samba4_check_dc_selection/test/ Re-enabled the test again because Bug #42305 could be the reason: r72370
Fixed some more issues: r72462 * 93_samba4_check_dc_selection: Use samba init script and parse the backup FQDN correctly (Bug #34223)
r74993: * 90_ucsschool/93_samba4_check_dc_selection: Skip test case again (Bug #34223)
This issue has been filled against UCS@school 4.1 (R2). The maintenance with bug and security fixes for UCS@school 4.1 (R2) has ended on 5th of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3 (or later). Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.