Univention Bugzilla – Bug 49193
Check if the samba4 Password is changed properly, after a server-password-change
Last modified: 2019-12-13 10:24:25 CET
After a Server-Password-Change samba does not work anymore. The Server-Password-Change did not change the password properly. The Logfile shows after the univention-samba4 postchange → Modified 1 records successfully a traceback of samba-tool. run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-bind postchange run-parts: /usr/lib/univention-server/server_password_change.d/univention-bind exited with return code 1 run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-libnss-ldap postchange File: /etc/libnss-ldap.conf run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-nscd postchange Restarting nscd (via systemctl): nscd.service. run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-samba4 postchange Modified 1 records successfully ERROR(runtime): uncaught exception - Unable to load default file File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/user.py", line 825, in run lp = sambaopts.get_loadparm() File "/usr/lib/python2.7/dist-packages/samba/getopt.py", line 92, in get_loadparm self._lp.load_default() Stopping samba-ad-dc (via systemctl): samba-ad-dc.service. Stopping smbd (via systemctl): smbd.service. Stopping nmbd (via systemctl): nmbd.service. Starting nmbd (via systemctl): nmbd.service. Starting smbd (via systemctl): smbd.service. Starting samba-ad-dc (via systemctl): samba-ad-dc.service. done (Thu Mar 7 01:06:19 CET 2019)
Successful build Package: univention-server Version: 14.0.0-3A~4.4.0.201904181418 Branch: ucs_4.4-0 Scope: errata4.4-0 User: jbremer Host: dimma.knut.univention.de Successful build Package: univention-samba4 Version: 8.0.0-19A~4.4.0.201904181411 Branch: ucs_4.4-0 Scope: errata4.4-0 User: jbremer Host: dimma.knut.univention.de d4f60296a2 Bug #49193: Change samba password earlier in server_password_change and to be able to rollback if this fails. ========================================== The local samba password change is now performed earlier in server_password_change, to be able to abort the password change and rollback if it fails to do so.
Created attachment 9989 [details] 1.diff Ok, three small suggestions for improvement attached: * avoid code duplication in server_password_change * restore original /etc/krb5.keytab if samba password change failed * abort also if ldbmodify of secret.ldb fails (unlikely)
b8aee4cbdb Bug #49193: Restore keytab if samba password change fails and code cleanup f4d2705c85 Bug #49193: Fix typo Successful build Package: univention-server Version: 14.0.0-5A~4.4.0.201904251135 Branch: ucs_4.4-0 Scope: errata4.4-0 User: jbremer Successful build Package: univention-samba4 Version: 8.0.0-20A~4.4.0.201904251103 Branch: ucs_4.4-0 Scope: errata4.4-0 User: jbremer I applied your patch and and fixed some typos
Created attachment 9997 [details] 2.diff Ok, it works but the error messages could be improved, see attached proposal.
applied patch and updated yaml a7b4868b3d0aa02dd98007df636dd81c7afcc094 86cc52810771a1b612e78fd6489821952c4c2c3e
Ok.
<http://errata.software-univention.de/ucs/4.4/106.html> <http://errata.software-univention.de/ucs/4.4/107.html>