Univention Bugzilla – Full Text Bug Listing |
Summary: | Shares on member server unreachable if master is shut down | ||
---|---|---|---|
Product: | UCS | Reporter: | Felix Botner <botner> |
Component: | LDAP | Assignee: | Stefan Gohmann <gohmann> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, walkenhorst |
Version: | UCS 4.0 | ||
Target Milestone: | UCS 4.0-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=13784 | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 38078 |
Description
Felix Botner
2014-11-18 12:53:13 CET
I was able to add multiple LDAP server. Unfortunately, winbind didn't switch automatically. root@member405:~# testparm -s 2>&1 | grep -i ldap_url idmap config * : ldap_url = ldap://slve403.deadlock40.intranet:7389 ldap://backup402.deadlock40.intranet:7389 ldap://master401.deadlock40.intranet:7389 root@member405:~# Ticket #2015012921000958 At least with UCS 4.0 it is not a samba/winbind issue. The problem is the univention-home-mounter which creates a LDAP connection via getMachineConnection. By default getMachineConnection uses the reconnect option which results into a 10 seconds timeout. (In reply to Stefan Gohmann from comment #3) > At least with UCS 4.0 it is not a samba/winbind issue. The problem is the > univention-home-mounter which creates a LDAP connection via > getMachineConnection. By default getMachineConnection uses the reconnect > option which results into a 10 seconds timeout. To be exact not only a samba/winbind issue. I also need to add the multiple LDAP servers to the idmap backend otherwise winbindd will run into a timeout: [2015/01/14 02:29:55.614817, 0] ../source3/lib/smbldap.c:575(smbldap_start_tls) Failed to issue the StartTLS instruction: Can't contact LDAP server [2015/01/14 02:29:55.615582, 1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect) Connection to LDAP server failed for the 11 try! [2015/01/14 02:29:56.617526, 0] ../source3/lib/smbldap.c:575(smbldap_start_tls) Failed to issue the StartTLS instruction: Can't contact LDAP server [2015/01/14 02:29:56.620058, 1] ../source3/lib/smbldap.c:1206(get_cached_ldap_connect) Connection to LDAP server failed for the 12 try! I've changed the following packages to solve this issue: * univention-python I've added an option to disable the reconnect to getAdminConnection and getMachineConnection. YAML: 2015-03-18-univention-python.yaml Fix: r59175 * univention-home-mounter The home-mounter script now disables the LDAP reconnect. YAML: 2015-03-18-univention-home-mounter.yaml Fix: r59177 * univention-quota The user-quota script now disables the LDAP reconnect. YAML: 2015-03-18-univention-quota.yaml Fix: r59192 * univention-samba ldap/server/addtion LDAP servers are now automatically added to the ldap_url idmap configuration. YAML: 2015-03-19-univention-samba.yaml Fix: r59199 still some long timeouts (master with s4 shut down, slave with s4 and member with univention-samba) -> time smbclient //member/opt -U Administrator%univention -c exit session setup failed: NT_STATUS_IO_TIMEOUT ->time smbclient //member/opt -U Administrator%univention -c exit Domain=[FOUR] OS=[Windows 6.1] Server=[Samba 4.2.0rc2-Debian] real 0m12.210s -> time smbclient //member/opt -U Administrator%univention -c exit real 0m10.369s -> time smbclient //member/opt -U Administrator%univention -c exit real 0m12.185s -> time smbclient //member/opt -U Administrator%univention -c exit Domain=[FOUR] OS=[Windows 6.1] Server=[Samba 4.2.0rc2-Debian] Problem seems to be /etc/pam.d/common-session. Without univention-mount-homedir and univention-user-quota in /etc/pam.d/common-session, i get -> time smbclient //member/opt -U Administrator%univention -c exit real 0m3.263s -> time smbclient //member/opt -U Administrator%univention -c exit real 0m2.056s That's right. As discussed, we will solve it with Bug #36989 / Bug #28729. OK - share access without running master server (univention-samba, s4) OK - univention-home-mounter (reconnect option) OK - univention-python (reconnect option) OK - univention-quota (reconnect option) OK - univention-samba (idmap config * : ldap_url) OK - 2015-03-19-univention-samba.yaml OK - 2015-03-18-univention-home-mounter.yaml OK - 2015-03-18-univention-quota.yaml OK - 2015-03-18-univention-python.yaml |