Univention Bugzilla – Bug 35653
Add AD member mode to system setup
Last modified: 2014-11-26 06:54:06 CET
It should be possible to configure the AD member mode in the initial system setup wizard during the installation.
See also Bug #35805 for adding the base system.

One suggestion for the pages:

-------------------------------------------------------------------------------
Please select your domain settings:

( ) Create a new UCS domain
    Configure this system as first system for the new domain. Additional systems can join the domain later.

( ) Join into an existing Active Directory domain
    The system will become part of the existing Active Directory domain.

( ) Join into an existing UCS domain
    Use this option if you have already one or more UCS systems.

( ) Don't use any domain
    This should only be used in rare use cases, for example as firewall systems.

If unsure, select "Create a new UCS domain".
-------------------------------------------------------------------------------

If AD join was selected
-------------------------------------------------------------------------------
Active Directory join information

Address of Active Directory domain controller or name of Active Directory domain (*) [ ]
Active Directory account (*) [ Administrator ]
Active Directory password (*) [ ]
-------------------------------------------------------------------------------

After the data were inserted, system setup should check the domain. If there is no other UCS system in the domain, the system should be configured as DC master automatically. If there is already a DC master, the wizard should go to the role page.

System role
-------------------------------------------------------------------------------
Specify the type of this system

( ) Domain controller backup
    A DC backup is the fallback system for the UCS DC master and can take over the role of the DC master permanently. It is recommended to use at least one DC backup in the domain.

( ) Domain controller slave
    DC slave systems are ideal for site servers, they provide authentication services for the domain. Local services running on a DC slave can access the local LDAP database.

( ) Member server
    Member servers should be used for services which don't need a local authentication database, for example for file or print servers.
-------------------------------------------------------------------------------

Join settings, if backup, slave or member were selected and joining into a UCS domain
-------------------------------------------------------------------------------
[X] Start join at the end of installation
[X] Search Domain controller master in DNS
Hostname of Domain controller master [ ]
Administration account (*) [ Administrator ]
Administration password (*) [ ]
-------------------------------------------------------------------------------

The field "Hostname of Domain controller master" should be disabled if "Search ... in DNS" is activated.

If 'No domain' was selected
-------------------------------------------------------------------------------
No domain warning

The installed UCS system will not offer any web-based domain management functions and will not be able to be a domain member. Such a UCS system should only be used in some rare use cases, for example as firewall system.

If unsure, go back and select a different option.
-------------------------------------------------------------------------------

One problem could be the availability of the network connection. During the installation we don't have any problem because the network is up and running.

I think we should move the network configuration before the domain setup. That means we can't decide if we ask for both DNS server types. So, we have to ask for only one DNS server type (not like in UCS 3 for Domain DNS and External DNS servers). Possibilities:

- if the system is DC master and not part of an AD domain:
  The given DNS server will be configured as forwarder and the local server will become the DNS server.

- if the system is DC master and part of an AD domain:
  The given DNS server will be configured as DNS server.

- if the system is a Backup/Slave and not part of an AD domain:
  If the given DNS server is a UCS system or offers the UCS data we configure this DNS server as Domain DNS server. The DNS forwarder will be set to the same value as on the DC master, that means we will set it during the join. The local server will be set as first Domain DNS server.

- if the system is a Backup/Slave and part of an AD domain:
  The same as above except we don't set the local server as DNS server.

- if the system is a Member:
  We set the given DNS server as normal DNS server.

If a join is not possible we should re-ask for the DNS setting.

Comments?
As discussed, the structure will be adapted as follows:

* Welcome page with city search (hidden for Debian installer)
* Locale settings page (hidden for Debian installer)
* Network settings page with the fields for IP addresses/masks/prefix, DNS servers, proxy server
* Domain settings page (see comment 1)
* Role selection page (see comment 1)
* Credentials page
  * For AD Join with fields: AD server, admin credentials (see comment 1), maybe email address for UCS activation?
    → credentials will be checked upon clicking on "next"
  * For UCS join (non master): admin credentials, checkbox "Join system", eventually checkbox + field for entering the UCS master
    → credentials will be checked upon clicking on "next"
  * For UCS master: organization name, email address, Administrator password
* Extra page (or maybe integrated in a different page?) for hostname/FQDN + root password
* Software selection (depending on system role; for AD join, role needs to be determined automatically)
* Confirmation page
  * If join failed, offer a button to jump to network settings page directly; this is to avoid a dead end road if network settings have been misconfigured in the Debian installer
(In reply to Alexander Kläser from comment #2)
> ...
> * Network settings page with the fields for IP addresses/masks/prefix, DNS
> servers, proxy server

This page should also be hidden if the Debian Installer is active.
(In reply to Alexander Kläser from comment #2)
> ...
> * Network settings page with the fields for IP addresses/masks/prefix, DNS
> ...
> * Credentials page
>   * For AD Join with fields: AD server, admin credentials (see comment 1),
>     maybe email address for UCS activation?

Maybe the AD server does not need to be entered here? It could already be entered on the network page as DNS server?
*** Bug 35475 has been marked as a duplicate of this bug. ***
AD is selectable but it does not work in interim-2. The check whether an AD controller is located at the DNS server always returns False, meaning that the ApplianceWizard will refuse to accept AD as a choice. But the overall option is present, the pages were added resp. reordered so I call this FIXED for interim-2.
Some issues:

* Domain and network configuration:
  You have added "Name server of the domain" and "Alternate UCS domain name server". I think we should simply add "DNS server" or better "Preferred DNS server" and "Alternate DNS server".

* Domain setup:
  Better use "Please select your domain settings:" instead of the current question "Will the system ..."

As discussed, please re-check the text used in Comment #1.
Revised the wording, fixed a lot of usability issues (some are still present...). I will set this to RESOLVED for now.

In my tests I had some difficulties to actually join an AD. Error was a non-parsable time string. Not sure whether this is my fault or an incorrectly configured AD.
Move all unfinished MS1 and MS2 bugs to RC.
I was able to install master, backup, slave, member successfully with the new system setup.
(In reply to Stefan Gohmann from comment #1)
> One problem could be the availability of the network connection. During the
> installation we don't have any problem because the network is up and
> running.
> I think we should move the network configuration before the domain setup.
> That means we can't decide if we ask for both DNS server types. So, we have
> to ask for only one DNS server type (not like in UCS 3 for Domain DNS and
> External DNS servers). Possibilities:

I've installed a DC master and then I installed a DC backup. In the Debian installer network configuration I used a different name server which didn't exist. In system setup (installer) I selected a DC backup. No domain controller could be found at the given name server address which was correct. After that I changed the name server value to the UCS system but I was still unable to join. After changing the name of the DC master to the IP address, system setup proceeded.

Is the changed network setting not used directly?
(In reply to Stefan Gohmann from comment #11)
> Is the changed network setting not used directly?

This was Bug#36110 which was FIXED recently.
This has become really good.

I've created a new bug for the case you have already a UCS master in an Active Directory domain. I think the role selection text should be adapted for it: Bug #36529

I found a few issues in newly added text. So I rechecked univention-system-setup/umc/js/de.po. My suggestions:

Old:
"Wählen Sie diese Option, falls bereits mindestens ein UCS-Systeme existiert."
Suggestion:
"Wählen Sie diese Option, falls bereits mindestens ein UCS-System existiert."

Old:
"UCS-Einrichtung - Ein Fehler trat auf"
Suggestion:
"UCS-Einrichtung - Ein Fehler ist aufgetreten"

Old:
"Das System tritt einer existierenden AD-Domäne bei mit der Rolle <i>%s</i>."
Suggestion:
"Das System tritt einer existierenden AD-Domäne mit der Rolle <i>%s</i> bei."

Old:
"Das System tritt einer existierenden UCS-Domäne bei mit der Rolle <i>%s</i>."
Suggestion:
"Das System tritt einer existierenden UCS-Domäne mit der Rolle <i>%s</i> bei."

Old:
"This system will become part of the existing Active Directory domain."
Suggestion:
"This system will become part of an existing Active Directory domain."

Old:
"Es gibt keine weiteren physikalischen Netzwerkgeräte zum hinzufügen."
Suggestion:
"Es gibt keine weiteren physikalischen Netzwerkgeräte zum Hinzufügen."

Old:
"Das Root-Passwort ist zu kurz, aus Sicherheitsgründen sollte es mindestens 8 "
"Zeichen lang sein."
Suggestion:
"Das Root-Passwort ist zu kurz, aus Sicherheitsgründen muss es mindestens 8 "
"Zeichen lang sein."

Old:
"Start join at the end of installation"
Suggestion:
"Start join at the end of the installation"

Old:
"Specify credentials to join into the UCS Domain."
Suggestion:
"Specify credentials to join into the UCS domain."

Old:
"Specify credentials to join into the Active Directory."
Suggestion:
"Specify credentials to join into the Active Directory domain."

Old:
"Gibt die Ports an, die zu der Bridge hinzugefügt werden."
Suggestion:
"Bitte geben Sie die Ports an, die zu der Bridge hinzugefügt werden."

Old:
msgid "Software component"
msgstr "Softwarekomponenten"
Suggestion:
msgid "Software component"
msgstr "Softwarekomponente"

Old:
"Einstellungen über die Organisation"
Suggestion:
"Einstellungen der Organisation"

Old:
"Es wurden keine Änderungen vorgenommen."
Suggestion:
"Es wurden keine Änderungen durchgeführt."

Old:
"Sollen der Nameserver und Gateway gesetzt werden: %s"
Suggestion:
"Sollen der DNS-Server und Gateway gesetzt werden: %s"

Old:
"Die IP-Adresse wird dynamisch bezogen über DHCP"
Suggestion:
"Die IP-Adresse wird dynamisch über DHCP bezogen"

Old:
"Geben Sie eine nahegelegene Stadt ein zur Einrichtung von Zeitzone, "
"Systemsprache, Tastaturlayout."
Suggestion:
"Geben Sie eine nahegelegene Stadt zur Einrichtung von Zeitzone, "
"Systemsprache und Tastaturlayout ein."

Old:
msgid "Back to overview"
msgstr ""
Suggestion:
msgid "Back to overview"
msgstr "Zurück zur Übersicht"

Old:
msgstr "Änderungen anwenden"
Suggestion:
msgstr "Änderungen übernehmen"

Old:
"Adresse des Active Directory-Domänencontrollers oder des Namens der Active "
"Directory-Domäne"
Suggestion:
"Adresse des Active Directory-Domänencontrollers oder Name der Active "
"Directory-Domäne"

Old:
"A DC backup is the fallback system for the UCS DC master an can take over "
"the role of the DC master permanently. It is recommended to use at least one "
"DC backup in the domain."
Suggestion:
"A DC backup is the fallback system for the UCS DC master and can take over "
"the role of the DC master permanently. It is recommended to use at least one "
"DC backup in the domain."

Old:
"<p>Mit den aktuellen Einstellungen ist <b> kein </b> Internetzugriff möglich."
"</p><p>Dadurch werden einige Funktionen wie zum Beispiel das Appcenter oder "
"Software-Aktualisierungen nicht zur Verfügung stehen.</p>"
Suggestion:
"<p>Mit den aktuellen Einstellungen ist <b> kein </b> Internetzugriff möglich."
"</p><p>Dadurch werden einige Funktionen wie zum Beispiel das App Center oder "
"Software-Aktualisierungen nicht zur Verfügung stehen.</p>"
Wording/typos changed in univention-system-setup 8.1.56-2.769.201411100935
(In reply to Dirk Wiesenthal from comment #14)
> Wording/typos changed in
> univention-system-setup 8.1.56-2.769.201411100935

OK, looks good.
UCS 4.0-0 has been released:
http://docs.univention.de/release-notes-4.0-0-en.html
http://docs.univention.de/release-notes-4.0-0-de.html

If this error occurs again, please use "Clone This Bug".