@@ -, +, @@
heimdal_on_samba4_dc
---
.../diagnostic/plugins/heimdal_on_samba4_dc.py | 104 +++++++++++++++++++++
1 file changed, 104 insertions(+)
create mode 100755 management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py
--- a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py
+++ a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py
@@ -0,0 +1,104 @@
+#!/usr/bin/python2.7
+# coding: utf-8
+#
+# Univention Management Console module:
+# System Diagnosis UMC module
+#
+# Copyright 2017 Univention GmbH
+#
+# http://www.univention.de/
+#
+# All rights reserved.
+#
+# The source code of this program is made available
+# under the terms of the GNU Affero General Public License version 3
+# (GNU AGPL V3) as published by the Free Software Foundation.
+#
+# Binary versions of this program provided by Univention to you as
+# well as other copyrighted, protected or trademarked materials like
+# Logos, graphics, fonts, specific documentations and configurations,
+# cryptographic keys etc. are subject to a license agreement between
+# you and Univention and not subject to the GNU AGPL V3.
+#
+# In the case you use this program under the terms of the GNU AGPL V3,
+# the program is provided in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License with the Debian GNU/Linux or Univention distribution in file
+# /usr/share/common-licenses/AGPL-3; if not, see
+# .
+
+import ldap
+import socket
+import psutil
+
+import univention.uldap
+
+import univention.config_registry
+from univention.management.console.modules.diagnostic import Critical
+
+from univention.lib.i18n import Translation
+_ = Translation('univention-management-console-module-diagnostic').translate
+
+title = _('Check Heimdal KDC on Samba 4 DC')
+description = _('Samba 4 KDC running.')
+umc_modules = [{'module': 'services'}]
+
+
+def is_service_active(service):
+ lo = univention.uldap.getMachineConnection()
+ raw_filter = '(&(univentionService=%s)(cn=%s))'
+ filter_expr = ldap.filter.filter_format(raw_filter, (service, socket.gethostname()))
+ for (dn, _attr) in lo.search(filter_expr, attr=['cn']):
+ if dn is not None:
+ return True
+ return False
+
+
+def samba_kdc_running():
+ try:
+ import samba.messaging
+ except ImportError:
+ return False
+ msg = samba.messaging.Messaging()
+ try:
+ ids = msg.irpc_servers_byname('kdc_server')
+ except KeyError:
+ return False
+ return bool(ids)
+
+
+def is_heimdal_kdc_running():
+ kdc_paths = ('/usr/lib/heimdal-servers/kdc', '/usr/lib/heimdal-servers/kpasswdd')
+ process_paths = (p.exe() for p in psutil.process_iter())
+ return any(path in kdc_paths for path in process_paths)
+
+
+def is_kerberos_autostart_disabled():
+ configRegistry = univention.config_registry.ConfigRegistry()
+ configRegistry.load()
+ return configRegistry.is_false('kerberos/autostart')
+
+
+def run():
+ error = _('This is a Samba 4 DC, but `samba-tool processes` reports no `kdc_server`.')
+ heimdal_error = _('This may be, because Heimdal KDC seems to be running.')
+ autostart_error = _('This may be, because `kerberos/autostart` is not disabled.')
+ solution = _('You may want to stop Heimdal KDC and restart Samba via {services}')
+
+ if is_service_active('Samba 4') and not samba_kdc_running():
+ error_descriptions = [error]
+ if is_heimdal_kdc_running():
+ error_descriptions.append(heimdal_error)
+ if not is_kerberos_autostart_disabled():
+ error_descriptions.append(autostart_error)
+ error_descriptions.append(solution)
+ raise Critical('\n'.join(error_descriptions))
+
+
+if __name__ == '__main__':
+ from univention.management.console.modules.diagnostic import main
+ main()
--
heimdal_on_samba4_dc (po)
---
.../umc/python/diagnostic/de.po | 33 ++++++++++++++++++++--
1 file changed, 31 insertions(+), 2 deletions(-)
--- a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/de.po
+++ a/management/univention-management-console-module-diagnostic/umc/python/diagnostic/de.po
@@ -2,8 +2,8 @@
msgid ""
msgstr ""
"Project-Id-Version: univention-management-console-module-diagnostic\n"
-"Report-Msgid-Bugs-To: packages@univention.de\n"
-"POT-Creation-Date: 2016-01-14 12:19+0100\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2017-06-06 18:36+0200\n"
"PO-Revision-Date: \n"
"Last-Translator: Univention GmbH \n"
"Language-Team: Univention GmbH \n"
@@ -27,6 +27,10 @@ msgstr ""
msgid "Adjust to suggested limits"
msgstr "An vorgeschlagene Limits anpassen"
+#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:46
+msgid "Check Heimdal KDC on Samba 4 DC"
+msgstr "Überprüfe Heimdal KDC auf Samba 4 DC"
+
#: umc/python/diagnostic/plugins/gateway.py:11
msgid "Gateway is not reachable"
msgstr "Gateway ist nicht erreichbar"
@@ -133,6 +137,10 @@ msgstr "Proxy-Server-Fehler"
msgid "SSH connection to UCS server failed!"
msgstr "SSH-Verbindung zu anderem UCS Server fehlgeschlagen!"
+#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:47
+msgid "Samba 4 KDC running."
+msgstr "Samba 4 KDC läuft."
+
#: umc/python/diagnostic/plugins/security_limits.py:14
msgid "Security limits exceeded"
msgstr "Sicherheitslimits überschritten"
@@ -249,6 +257,22 @@ msgstr ""
"an Samba-Servern unmöglich, Dateioperationen (Kopieren, Verschieben) auf "
"Freigaben kann fehlschlagen, uvm.)"
+#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:87
+msgid ""
+"This is a Samba 4 DC, but `samba-tool processes` reports no `kdc_server`."
+msgstr ""
+"Dies ist ein Samba 4 DC, aber `samba-tool processes` zeigt keinen "
+"`kdc_server` an."
+
+#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:88
+msgid "This may be, because Heimdal KDC seems to be running."
+msgstr "Dies mag daher kommen, dass Heimdal KDC läuft."
+
+#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:89
+msgid "This may be, because `kerberos/autostart` is not disabled."
+msgstr ""
+"Dies mag daher kommen, dass `kerberos/autostart` nicht deaktiviert ist."
+
#: umc/python/diagnostic/plugins/proxy.py:83
#, python-format
msgid ""
@@ -260,6 +284,11 @@ msgstr ""
"dass Authentifikations-Zugangsdaten (falls existierend) korrekt sind und die "
"ACL's des Proxy-Servers nicht verbieten, Anfragen an %s zu stellen."
+#: umc/python/diagnostic/plugins/heimdal_on_samba4_dc.py:90
+#, python-brace-format
+msgid "You may want to stop Heimdal KDC and restart Samba via {services}"
+msgstr "Sie können Heimdal KDC per {services} stoppen und Samba neu starten."
+
#: umc/python/diagnostic/plugins/package_status.py:28
msgid "some"
msgstr "einigen"
--