Univention Bugzilla – Bug 41079
Check AD Connector / Member mode with UCS 3.3
Last modified: 2016-06-07 21:35:41 CEST
The AD Connector / Member mode should be checked with UCS 3.3.
FAIL - takeover Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/__init__.py", line 60, in _background result = func(self, request) File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/__init__.py", line 107, in copy_domain_data takeover.join_to_domain_and_copy_domain_data(ip, username, password, self.progress) File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/takeover.py", line 282, in join_to_domain_and_copy_domain_data takeover.join_AD(progress) File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/takeover.py", line 855, in join_AD run_and_output_to_log(["/etc/init.d/samba4", "stop"], log.debug) File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/takeover.py", line 1971, in run_and_output_to_log p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) File "/usr/lib/python2.6/subprocess.py", line 623, in __init__ errread, errwrite) File "/usr/lib/python2.6/subprocess.py", line 1141, in _execute_child raise child_exception OSError: [Errno 2] Datei oder Verzeichnis nicht gefunden I guess this is the /etc/init.d/samba4 stop/start stuff in takeover.py. There is no such init script on my UCS 3.3 (only /etc/init.d/samba and /etc/init.d/samba-ad-dc). We have to (a) Provide a link /etc/init.d/samba4 to the right init script (i am not sure if samba4 has to point to samba or samba-ad-dc, probably samba-ad-dc). or, (b) fix our package, /etc/init.d/samba4 is used in univention-ldap - univention-backup2master univention-join - univention-join univention-management-console-module-adtakeover - umc/python/adtakeover/takeover.py univention-ldb-modules - debian/libunivention-ldb-modules.postinst - 97libunivention-ldb-modules.inst - 03libunivention-ldb-modules.uinst univention-s4-connector - 97univention-s4-connector.inst univention-printserver - debian/univention-printserver.postinst univention-printserver - cups-printers.py OK - AD connector * installation/initialization * sync (win <-> ucs) * password change via win/ucs * logon (ucs users on win, win users on ucs) OK - Member mode * installation/initialization * sync (win -> ucs) * logon (win users on ucs) * password change ucs/Win
(In reply to Felix Botner from comment #1) > FAIL - takeover > > Traceback (most recent call last): > File > "/usr/lib/pymodules/python2.6/univention/management/console/modules/ > adtakeover/__init__.py", line 60, in _background > result = func(self, request) > File > "/usr/lib/pymodules/python2.6/univention/management/console/modules/ > adtakeover/__init__.py", line 107, in copy_domain_data > takeover.join_to_domain_and_copy_domain_data(ip, username, password, > self.progress) > File > "/usr/lib/pymodules/python2.6/univention/management/console/modules/ > adtakeover/takeover.py", line 282, in join_to_domain_and_copy_domain_data > takeover.join_AD(progress) > File > "/usr/lib/pymodules/python2.6/univention/management/console/modules/ > adtakeover/takeover.py", line 855, in join_AD > run_and_output_to_log(["/etc/init.d/samba4", "stop"], log.debug) > File > "/usr/lib/pymodules/python2.6/univention/management/console/modules/ > adtakeover/takeover.py", line 1971, in run_and_output_to_log > p = subprocess.Popen(cmd, stdout=subprocess.PIPE, > stderr=subprocess.STDOUT) > File "/usr/lib/python2.6/subprocess.py", line 623, in __init__ > errread, errwrite) > File "/usr/lib/python2.6/subprocess.py", line 1141, in _execute_child > raise child_exception > OSError: [Errno 2] Datei oder Verzeichnis nicht gefunden > > I guess this is the /etc/init.d/samba4 stop/start stuff in takeover.py. > There is no such init script on my UCS 3.3 (only /etc/init.d/samba and > /etc/init.d/samba-ad-dc). > > We have to > > (a) > > Provide a link /etc/init.d/samba4 to the right init script (i am not sure if > samba4 has to point to samba or samba-ad-dc, probably samba-ad-dc). > > or, (b) > > fix our package, /etc/init.d/samba4 is used in > univention-ldap > - univention-backup2master > univention-join > - univention-join > univention-management-console-module-adtakeover > - umc/python/adtakeover/takeover.py > univention-ldb-modules > - debian/libunivention-ldb-modules.postinst > - 97libunivention-ldb-modules.inst > - 03libunivention-ldb-modules.uinst > univention-s4-connector > - 97univention-s4-connector.inst > univention-printserver > - debian/univention-printserver.postinst > univention-printserver > - cups-printers.py > > OK - AD connector > * installation/initialization > * sync (win <-> ucs) > * password change via win/ucs > * logon (ucs users on win, win users on ucs) > > OK - Member mode > * installation/initialization > * sync (win -> ucs) > * logon (win users on ucs) > * password change ucs/Win arvid rebuilt samba with 15_add_samba4_init.patch
We need the changes from https://forge.univention.org/bugzilla/show_bug.cgi?id=39222 adtakeover fails with 2016-05-03 19:41:14,211 WARNING: No path in service IPC$ - making it unavailable! 2016-05-03 19:41:14,211 NOTE: Service IPC$ is flagged unavailable. 2016-05-03 19:41:14,932 ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element' 2016-05-03 19:41:14,932 File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run 2016-05-03 19:41:14,933 return self.run(*args, **kwargs) 2016-05-03 19:41:14,933 File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 354, in run 2016-05-03 19:41:14,934 self.seize_role(role, samdb, force) 2016-05-03 19:41:14,934 File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 256, in seize_role 2016-05-03 19:41:14,935 master_owner = get_fsmo_roleowner(samdb, m.dn) 2016-05-03 19:41:14,935 File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 43, in get_fsmo_roleowner 2016-05-03 19:41:14,936 master_owner = res[0]["fSMORoleOwner"][0] 2016-05-03 19:41:16,053 trying samba-tool fsmo seize --role=naming --force again: 2016-05-03 19:41:16,054 Calling: samba-tool fsmo seize --role=naming --force 2016-05-03 19:41:16,396 WARNING: The "syslog" option is deprecated
(In reply to Felix Botner from comment #3) > We need the changes from > https://forge.univention.org/bugzilla/show_bug.cgi?id=39222 > > adtakeover fails with > > 2016-05-03 19:41:14,211 WARNING: No path in service IPC$ - making it > unavailable! > 2016-05-03 19:41:14,211 NOTE: Service IPC$ is flagged unavailable. > 2016-05-03 19:41:14,932 ERROR(<type 'exceptions.KeyError'>): uncaught > exception - 'No such element' > 2016-05-03 19:41:14,932 File > "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in > _run > 2016-05-03 19:41:14,933 return self.run(*args, **kwargs) > 2016-05-03 19:41:14,933 File > "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 354, in run > 2016-05-03 19:41:14,934 self.seize_role(role, samdb, force) > 2016-05-03 19:41:14,934 File > "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 256, in > seize_role > 2016-05-03 19:41:14,935 master_owner = get_fsmo_roleowner(samdb, m.dn) > 2016-05-03 19:41:14,935 File > "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 43, in > get_fsmo_roleowner > 2016-05-03 19:41:14,936 master_owner = res[0]["fSMORoleOwner"][0] > 2016-05-03 19:41:16,053 trying samba-tool fsmo seize --role=naming --force > again: > 2016-05-03 19:41:16,054 Calling: samba-tool fsmo seize --role=naming --force > 2016-05-03 19:41:16,396 WARNING: The "syslog" option is deprecated merged changes from Bug #39222 Tested: AD Member * init/install * Join * AD sync (read) * Password change AD Takeover * init/install * takeover * Windows join * Windows logon AD Connector * init/install * sync (sync) * Password change * Windows logon
Traditional AD-Connector setup with AD Password service (AD firewall off and no SSL certificates uploaded from AD) gives these rejects in connector.log: ============================================================================ 24.02.2015 05:13:29,70 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/connector/__init__.py", line 1281, in sync_to_ucs f(self, property_type, object) File "/usr/lib/pymodules/python2.6/univention/connector/ad/password.py", line 331, in password_sync res = get_password_from_ad(connector, rid) File "/usr/lib/pymodules/python2.6/univention/connector/ad/password.py", line 138, in get_password_from_ad ssl=ssl_init(s.fileno()) File "/usr/lib/pymodules/python2.6/univention/connector/ad/password.py", line 76, in ssl_init meth = M2Crypto.__m2crypto.sslv2_method(); AttributeError: 'module' object has no attribute 'sslv2_method' ============================================================================ So we need to backport the patch for Bug 36654.
merged changes from Bug 36654 (ssl_init), Bug 32265 (start after logrotate) and Bug 41141 (group members) univention-ad-connector: 8.100.0-1.493.201605261127
Ok, all three cases work against a W2K8R2 with latest updates: * AD Takeover * AD Member * AD Connector bi-directional SSL with password service (updated pwdump version) I added a changelog entry: The Univention AD-Connector has been rebuilt with SSLv3 support (<u:bug>41079</u:bug>)
UCS 3.3 has been released: https://docs.software-univention.de/release-notes-3.3-0-en.html https://docs.software-univention.de/release-notes-3.3-0-de.html If this error occurs again, please use "Clone This Bug".