Univention Bugzilla – Bug 51886
905_ucsschool_check_backend check is to simple, recommends wrong solution
Last modified: 2021-03-25 08:14:16 CET
905_ucsschool_check_backend checks if ucr ldap/backend is samba4. If it is not, is claims that "Samba4 is not correctly installed", without giving any further hint what is wrong. In addition, it also runs on central DC Backups and Slaves, who are not required to have samba4 installed. This is confusing for customers and debugging the issue is time consuming.
Under what circumstances _must_ UCRV "dns/backend" be set to "samba4"?
(In reply to Daniel Tröder from comment #1) > Under what circumstances _must_ UCRV "dns/backend" be set to "samba4"? 1. Origin: Bug 50503 introduced the check and there are support tickets linked. AFAICS the problems occured only on UCS@school school servers (missing DNS entries). I'm not sure if "UCRV 'dns/backend' _must_ be set to 'samba4'" is the best approach for these cases. Maybe the underlying issue from the support cases could/should be fixed in the S4-Connector? 2. Must: However, there is one more case where "UCRV 'dns/backend' _must_ be set to 'samba4'": On UCS@school school servers when using school-spanning users with regards to a unified "sambahome" path. We propose this solution: https://docs.software-univention.de/ucsschool-import-handbuch-4.4.html#ou_spanning_account This works fine, but we re-write a DNS entry in the local Samba AD directory via the local S4 connector. In this case, 'dns/backend=ldap' will break the functionality. 3. Check: IMHO 905_ucsschool_check_backend is based on wrong assumptions 3.1 It checks also on Master/Backup/central Slave. These roles are allowed to use "dns/backend=ldap". 3.2 It checks if 'samba' is installed or not. If it's not, it claims that "Samba4 is not correctly installed". However, Master/Backup/central Slave are allowed to not have Samba installed at all. In fact, a lot of recent "school cloud" scenarios are perfectly fine without a Samba AD DC (https://docs.software-univention.de/ucsschool-szenarien-4.4.html#scenario-1).
So the only valid criteria is being a school server? Detection code could check: 1. role == replication node 2. UCS@school installed 3. machine account located below a school-OU If these three are true, then "univention-samba4" must be installed and dns/backend must be set to "samba4", right?
(In reply to Michael Grandjean from comment #2) > 3.2 It checks if 'samba' is installed or not. If it's not, it claims that > "Samba4 is not correctly installed". However, Master/Backup/central Slave > are allowed to not have Samba installed at all. In fact, a lot of recent > "school cloud" scenarios are perfectly fine without a Samba AD DC > (https://docs.software-univention.de/ucsschool-szenarien-4.4.html#scenario- > 1). Installing samba4 in that case leads to even more problems: Bug 52464 - Well Known SID Issues in Systemdiagnoses after installing samba4 after ucsschool on the master I am raising the bug impact.
The diagnostic should only run on a single master or a edu-dc-slave. I implemented a check for that in the diagnostic module on branch troehmey/bug51886_fix_diagnostic_module_905 with: 0d873e3b7 Bug #51886: check if single master or school server
QA → REOPEN ucr.is_false("ucsschool/singlemaster") → is "" (unset) on multi-server environments on DC masters. This way, the code still gets executed. ⇾ Should have default value True Other than that the code looks good.
Fixed issue mentioned in comment #7 with 02dafd47b Bug #51886: fixup, add default value
I haven't tried it, but from what I read, the code would not exit on a domaincontroller_backup but would exit for an administrativ DC.
I fixed the issue mentioned in comment #9 with 475670058 Bug #51886: exclude dc backups from check
QA → All OK → Reopen Please squash, merge & build in 4.4
Merged to 4.4 with commits 8c1a5ed81 Bug #51886: added yaml entry cc7945bc2 Bug #51886: added changelog entry 1d3c3839c Bug #51886: Merge branch 'troehmey/bug51886_fix_diagnostic_module_905' into 4.4 eadb0dd4f Bug #51886: check if single master or school server Successful build: Package: ucs-school-umc-diagnostic Version: 1.0.0-18A~4.4.0.202101191417 Branch: ucs_4.4-0 Scope: ucs-school-4.4
QA → All OK → Verify - Merge → OK - Changelog → OK - Yaml → OK
*** Bug 52861 has been marked as a duplicate of this bug. ***
UCS@school 4.4 v9 has been released. https://docs.software-univention.de/changelog-ucsschool-4.4v9-de.html If this error occurs again, please clone this bug.