Bug 35863

Summary:	Heimdal on Samba 4 DCs
Product:	UCS	Reporter:	Stefan Gohmann <gohmann>
Component:	UMC - System diagnostic	Assignee:	Lukas Oyen <oyen>
Status:	CLOSED FIXED	QA Contact:	Arvid Requate <requate>
Severity:	enhancement
Priority:	P5	CC:	oyen, requate
Version:	UCS 4.0	Flags:	oyen: Patch_Available+
Target Milestone:	UCS 4.2-2-errata
Hardware:	Other
OS:	Linux
What kind of report is it?:	---	What type of bug is this?:	---
Who will be affected by this bug?:	---	How will those affected feel about the bug?:	---
User Pain:		Enterprise Customer affected?:
School Customer affected?:		ISV affected?:
Waiting Support:		Flags outvoted (downgraded) after PO Review:
Ticket number:		Bug group (optional):
Max CVSS v3 score:
Attachments:	35863-diagnostic-heimdal-on-samba4-dc-420.patch

Description Stefan Gohmann

2014-09-10 08:28:51 CEST

We should add a system diagnostic plugin which checks if this system is a Samba 4 DC and Heimdal KDC has been started. In this case the module should link to the system service module and recommend the stop of Heimdal KDC and the restart of the Samba 4 service.

Comment 1 Lukas Oyen

2017-06-07 14:54:33 CEST

Created attachment 8908 [details]
35863-diagnostic-heimdal-on-samba4-dc-420.patch

The attached patch adds a new check `heimdal_on_samba4_dc.py`. This checks on machines with the `Samba 4` service, if `samba-tool processes` shows `kdc_server`.

If not, it is checked if `kerberos/autostart` is enabled or if Heimdal KDC is running as those may prevent Samba from starting the `kdc_server` component.

A critical error is shown, if `kdc_server` is not running.

Comment 2 Lukas Oyen

2017-08-01 16:25:20 CEST

Committed in r81605 - r81606 (advisory r81649).

Comment 3 Arvid Requate

2017-08-24 21:48:06 CEST

Ok worked with

/etc/init.d/samba stop
ucr set kerberos/autostart=yes
_SYSTEMCTL_SKIP_REDIRECT=yes /etc/init.d/heimdal-kdc start
/etc/init.d/samba start

Comment 4 Erik Damrose

2017-09-20 15:03:36 CEST

<http://errata.software-univention.de/ucs/4.2/166.html>