Univention Bugzilla – Bug 49840
New installed school slave is not quite usable
Last modified: 2021-02-23 11:40:34 CET
In two customer environments a newly installed edu-slave, which was joined afterwards, was not fully usable.
The main issue is that shares are not usable, because students and teachers get an access denied when trying to access the share, for example "Marktplatz".

Investigating the issue I found incorrectly set file permissions like

root@slave:~# ls -lah /home/
insgesamt 48K
drwxr-xr-x  9 root          root          4,0K Jun  6 11:33 .
drwxr-xr-x 22 root          root          4,0K Jun  6 12:29 ..
drwx--x--x  4 Administrator Domain Admins 4,0K Jun  5 09:35 Administrator
drwxr-xr-x  3 root          root          4,0K Jun  4 17:22 backup
drwx------ 10 root          nogroup       4,0K Jun  6 12:00 sun
drwxr-xr-x  2 root          root          4,0K Jun  4 17:25 groups
drwx------  2 root          root           16K Jun  4 12:20 lost+found

→ sun (OU) does not have the default permissions
---------------------------------------
root@slave:/usr/share/pyshared/univention/admin/hooks.d# ls -lah
insgesamt 24K
drwxr-xr-x 2 root root    4,0K Jun  4 15:08 .
drwxr-xr-x 5 root root    4,0K Jun  4 12:24 ..
-rwxr-xr-x 1 root root       0 Mär 17 21:31 __init__.py
-rw------- 1 root nogroup 1,6K Jun  4 17:41 schoolAdminGroup.py
-rw------- 1 root nogroup 3,0K Jun  4 17:41 schoolOU.py
-rw------- 1 root nogroup 3,2K Jun  4 17:41 ucsschool_purge_timestamp.py
-rw------- 1 root nogroup 2,7K Jun  4 17:41 ucsschool_user_options.py

The Listener shows these messages:

08.06.19 16:31:37.775 ADMIN ( ERROR ) : admin.syntax.import_hook_files: loading /usr/lib/pymodules/python2.7/univention/admin/hooks.d/ucsschool_user_options.py failed
08.06.19 16:31:37.775 ADMIN ( ERROR ) : admin.syntax.import_hook_files: TRACEBACK:
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/admin/hook.py", line 57, in import_hook_files
    with open(fn, 'r') as fd:
IOError: [Errno 13] Permission denied: '/usr/lib/pymodules/python2.7/univention/admin/hooks.d/ucsschool_user_options.py'
08.06.19 16:31:37.775 ADMIN ( ERROR ) : admin.syntax.import_hook_files: loading /usr/lib/pymodules/python2.7/univention/admin/hooks.d/schoolOU.py failed
08.06.19 16:31:37.775 ADMIN ( ERROR ) : admin.syntax.import_hook_files: TRACEBACK:
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/admin/hook.py", line 57, in import_hook_files
    with open(fn, 'r') as fd:
IOError: [Errno 13] Permission denied: '/usr/lib/pymodules/python2.7/univention/admin/hooks.d/schoolOU.py'
08.06.19 16:31:37.775 ADMIN ( ERROR ) : admin.syntax.import_hook_files: loading /usr/lib/pymodules/python2.7/univention/admin/hooks.d/ucsschool_purge_timestamp.py failed
08.06.19 16:31:37.775 ADMIN ( ERROR ) : admin.syntax.import_hook_files: TRACEBACK:
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/admin/hook.py", line 57, in import_hook_files
    with open(fn, 'r') as fd:
IOError: [Errno 13] Permission denied: '/usr/lib/pymodules/python2.7/univention/admin/hooks.d/ucsschool_purge_timestamp.py'
08.06.19 16:31:37.775 ADMIN ( ERROR ) : admin.syntax.import_hook_files: loading /usr/lib/pymodules/python2.7/univention/admin/hooks.d/schoolAdminGroup.py failed
08.06.19 16:31:37.775 ADMIN ( ERROR ) : admin.syntax.import_hook_files: TRACEBACK:
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/admin/hook.py", line 57, in import_hook_files
    with open(fn, 'r') as fd:
IOError: [Errno 13] Permission denied: '/usr/lib/pymodules/python2.7/univention/admin/hooks.d/schoolAdminGroup.py'
--------------------------------------------------------
Additionally

root@slave:~# ls -lah /var
insgesamt 56K
drwxr-xr-x 14 root root  4,0K Jul 10 13:29 .
drwxr-xr-x 22 root root  4,0K Jul 12 10:00 ..
drwxr-xr-x  2 root root  4,0K Jul 12 06:25 backups
drwxr-xr-x 28 root root  4,0K Jul 10 13:48 cache
drwxr-xr-x 69 root root  4,0K Jul 12 09:59 lib
drwxrwsr-x  2 root staff 4,0K Mär  5 08:35 local
lrwxrwxrwx  1 root root     9 Jul 10 12:55 lock -> /run/lock
drwxr-xr-x 15 root root  4,0K Jul 12 10:00 log
drwxrwsr-x  2 root mail  4,0K Jul 10 12:55 mail
drwxr-xr-x  2 root root  4,0K Jul 10 12:55 opt
lrwxrwxrwx  1 root root     4 Jul 10 12:55 run -> /run
drwxr-xr-x 10 root root  4,0K Jul 10 13:31 spool
drwxrwxrwt  5 root root  4,0K Jul 12 10:04 tmp
drwxr-xr-x  4 root root  4,0K Jul 12 03:30 univention-backup
drwx------  2 root root  4,0K Jul 11 14:27 univention-join
drwxr-xr-x  4 root root  4,0K Jul 10 14:51 www

univention-join comes with wrong permissions too
----------------------------------------------------------
Something more about the environment:
The first customer used a UCS 4.3-4 for installation and joined after the installation. He reinstalled the slave on my advice and after that, the slave was fine.
The second customer used a UCS 4.4-0 for installation and joined after the installation. After having trouble with the shares, he reinstalled again and still has trouble and asked for help now.
----------------------------------------------
Both customers use virtualization. The first virtualized with Proxmox, the second one uses VMWare.
The second one told me that he installed with the same iso image and repartitioned the medium. I don't know the procedure of the first one.
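A check along the lines of the findings in the report above, as an added example that is not part of the original report or of Univention's code: it extracts the denied hook paths from listener output and lists regular files in a directory that lack the world-read bit. The sample log lines are constructed from the message format quoted above, and all function names are hypothetical.

```python
import os
import re
import stat
import tempfile

HOOKS = "/usr/lib/pymodules/python2.7/univention/admin/hooks.d/"

# Constructed sample, following the listener message format quoted in the report.
SAMPLE_LOG = (
    "08.06.19 16:31:37.775 ADMIN ( ERROR ) : admin.syntax.import_hook_files: TRACEBACK:\n"
    "Traceback (most recent call last):\n"
    "    with open(fn, 'r') as fd:\n"
    "IOError: [Errno 13] Permission denied: '" + HOOKS + "schoolOU.py'\n"
    "IOError: [Errno 13] Permission denied: '" + HOOKS + "schoolAdminGroup.py'\n"
    "IOError: [Errno 13] Permission denied: '" + HOOKS + "schoolOU.py'\n"
)

DENIED = re.compile(r"IOError: \[Errno 13\] Permission denied: '([^']+)'")


def denied_paths(log_text):
    """Unique paths that failed with EACCES, in first-seen order."""
    seen = []
    for path in DENIED.findall(log_text):
        if path not in seen:
            seen.append(path)
    return seen


def files_missing_other_read(directory):
    """(name, mode string) for regular files without the world-read bit."""
    findings = []
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))
        if stat.S_ISREG(st.st_mode) and not st.st_mode & stat.S_IROTH:
            findings.append((name, stat.filemode(st.st_mode)))
    return findings


def demo():
    """Recreate the two mode patterns from the hooks.d listing in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in (("__init__.py", 0o755), ("schoolOU.py", 0o600)):
            path = os.path.join(tmp, name)
            open(path, "w").close()
            os.chmod(path, mode)  # explicit chmod, so the umask does not matter
        return files_missing_other_read(tmp)


if __name__ == "__main__":
    print(denied_paths(SAMPLE_LOG))
    print(demo())
```
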
The second customer (39471) now reported back, that another attempt to install the slave fails again. They deleted all partitions and ran the setup again, and they get the same error, again.
(In reply to Christina Scheinig from comment #0)
> The Listener shows these messages:

Which listener modules are installed / used on the slave?

See Bug #49549#c1
(In reply to Stefan Gohmann from comment #3)
> (In reply to Christina Scheinig from comment #0)
> > The Listener shows these messages:
>
> Which listener modules are installed / used on the slave?
>
> See Bug #49549#c1

I tried the command provided by Philipp:

grep Umask /proc/$(pgrep -f /usr/sbin/univention-directory-listener)/status
→ Umask: 0022

Attached the univention-directory-listener-ctrl status
Created attachment 10118 [details] directory-listener-ctrl-status
JFYI: I know that the listener samba-shares / nfs-shares sometimes change directory permissions of a share, if they are defined as a share in the LDAP. But I doubt that this is the problem.
Can we get the join.log and listener.log from the customer? (these files should contain the output of the listener during join and the time after join).
The logfiles are now attached to the ticket.
(In reply to Christina Scheinig from comment #8)
> The logfiles are now attached to the ticket.

#2019071121000722
The problem of the second customer is solved for now, too.

They have set everything to the beginning.
"
- Download the iso again
- The entire machine is deleted in the VM Ware.
- The school deleted from UCS
"

Maybe there is a wording problem with "school deleted from UCS" and "server deleted from UCS". I questioned that in my ticket response.
(In reply to Christina Scheinig from comment #10)
> The problem of the second customer is solved for now, too.
>
> They have set everything to the beginning.
> "
> - Download the iso again
> - The entire machine is deleted in the VM Ware.
> - The school deleted from UCS
> "
>
> Maybe there is a wording problem with "school deleted from UCS" and "server
> deleted from UCS" I questioned that in my ticket response.

In more detail:
In the UMC you have deleted everything that was created for the new school (school and networks).
The data center has deleted the entire VM container again and provided a new one. Then the ISO was loaded again and reinstalled. Then everything worked.
Both Tickets have been resolved successfully. Was the cause of the issue identified while fixing the problem in the customer environments? Can the issue be reproduced?
(In reply to Erik Damrose from comment #12)
> Both Tickets have been resolved successfully. Was the cause of the issue
> identified while fixing the problem in the customer environments? Can the
> issue be reproduced?

I would guess that there was an issue with the iso image. I have not tried to reproduce the issue here.
Media problem.
Seems to have occurred again with a backup server, so I recommend a new installation.
I have checked the umask from Bug 49549, but it is okay:

:~/univention-support# grep Umask /proc/$(pgrep -f /usr/sbin/univention-directory-listener)/status
Umask:	0022

Installed Listener Modules:

Modules:
   3 app_attributes /usr/lib/univention-directory-listener/system/app_attributes.py
   3 bind /usr/lib/univention-directory-listener/system/bind.py
   3 cups-pdf /usr/lib/univention-directory-listener/system/cups-pdf.py
   3 cups-printers /usr/lib/univention-directory-listener/system/cups-printers.py
   3 faillog /usr/lib/univention-directory-listener/system/faillog.py
   3 gencertificate /usr/lib/univention-directory-listener/system/gencertificate.py
   3 hosteddomains /usr/lib/univention-directory-listener/system/hosteddomains.py
   3 keytab-member /usr/lib/univention-directory-listener/system/keytab-member.py
   3 keytab /usr/lib/univention-directory-listener/system/keytab.py
   3 ldap_extension /usr/lib/univention-directory-listener/system/ldap_extension.py
   3 ldap_server /usr/lib/univention-directory-listener/system/ldap_server.py
   3 license_uuid /usr/lib/univention-directory-listener/system/license_uuid.py
   3 nagios-client /usr/lib/univention-directory-listener/system/nagios-client.py
   3 nfs-homes /usr/lib/univention-directory-listener/system/nfs-homes.py
   3 nfs-shares /usr/lib/univention-directory-listener/system/nfs-shares.py
   3 nscd_update /usr/lib/univention-directory-listener/system/nscd.py
   3 nss /usr/lib/univention-directory-listener/system/nss.py
   3 office365-group /usr/lib/univention-directory-listener/system/office365-group.py
   3 office365-user /usr/lib/univention-directory-listener/system/office365-user.py
   3 pkgdb-watch /usr/lib/univention-directory-listener/system/pkgdb-watch.py
   3 portal_groups /usr/lib/univention-directory-listener/system/portal_groups.py
   3 portal_server /usr/lib/univention-directory-listener/system/portal_server.py
   3 pupilgroups /usr/lib/univention-directory-listener/system/pupilgroups.py
   3 quota /usr/lib/univention-directory-listener/system/quota.py
   3 remove-old-homedirs /usr/lib/univention-directory-listener/system/remove-old-homedirs.py
   3 remove-old-sharedirs /usr/lib/univention-directory-listener/system/remove-old-sharedirs.py
   3 replication /usr/lib/univention-directory-listener/system/replication.py
   3 s4-connector /usr/lib/univention-directory-listener/system/s4-connector.py
   3 samba4-idmap /usr/lib/univention-directory-listener/system/samba4-idmap.py
   3 samba-shares /usr/lib/univention-directory-listener/system/samba-shares.py
   3 ucs-school-user-logonscript /usr/lib/univention-directory-listener/system/ucs-school-user-logonscript.py
   3 udm_extension /usr/lib/univention-directory-listener/system/udm_extension.py
   3 umc-service-providers /usr/lib/univention-directory-listener/system/umc-service-providers.py
   3 univention-admin-diary-backend /usr/lib/univention-directory-listener/system/univention-admin-diary-backend.py
   3 univention-saml-groups /usr/lib/univention-directory-listener/system/univention-saml-groups.py
   3 univention-saml-idp-config /usr/lib/univention-directory-listener/system/univention-saml-idp-config.py
   3 univention-saml-servers /usr/lib/univention-directory-listener/system/univention-saml-servers.py
   3 univention-saml-simplesamlphp-configuration /usr/lib/univention-directory-listener/system/univention-saml-simplesamlphp-configuration.py
   3 well-known-sid-name-mapping /usr/lib/univention-directory-listener/system/well-known-sid-name-mapping.py
I think this was a 4.4-6 errata750 installation. → The first entry in the updater.log