Master/slave problems again

[zergius]

I have 1.4 eBox instaled to 2 servers, one of them is master and have just ebox-userandgroups package, the second is slave, it have ebox-samba. Replication come good, but after it I cant look the information about user, or group in slave. Insted of info i get this:

Code: [Select]

A really nasty bug has occurred
Exception
Unknown error at EBox::SambaLdapUser::_getAccountFlags Referral received
Trace
Unknown error at EBox::SambaLdapUser::_getAccountFlags Referral received at /usr/share/perl5/EBox/Ldap.pm line 712
EBox::Ldap::_errorOnLdap('Net::LDAP::Search=HASH(0xa741660)', 'HASH(0xa66ace8)') called at /usr/share/perl5/EBox/Ldap.pm line 351
EBox::Ldap::search('EBox::Ldap=HASH(0x96916d8)', 'HASH(0xa66ace8)') called at /usr/share/perl5/EBox/SambaLdapUser.pm line 848
EBox::SambaLdapUser::_getAccountFlags('EBox::SambaLdapUser=HASH(0xa20a2f8)', 'test') called at /usr/share/perl5/EBox/SambaLdapUser.pm line 858
EBox::SambaLdapUser::_userSharing('EBox::SambaLdapUser=HASH(0xa20a2f8)', 'test') called at /usr/share/perl5/EBox/SambaLdapUser.pm line 459
EBox::SambaLdapUser::_userAddOns('EBox::SambaLdapUser=HASH(0xa20a2f8)', 'test') called at /usr/share/perl5/EBox/UsersAndGroups.pm line 2135
EBox::UsersAndGroups::allUserAddOns('EBox::UsersAndGroups=HASH(0x96914d4)', 'test') called at /usr/share/perl5/EBox/CGI/UsersAndGroups/User.pm line 50
EBox::CGI::UsersAndGroups::User::_process('EBox::CGI::UsersAndGroups::User=HASH(0x90484a0)') called at /usr/share/perl5/EBox/CGI/Base.pm line 262
EBox::CGI::Base::run('EBox::CGI::UsersAndGroups::User=HASH(0x90484a0)') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run('EBox::CGI::Run', 'UsersAndGroups/User', 'EBox') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0x8f90c34)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0x8f90cd0)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0x8f90cd0)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0x8f90c34)') called at -e line 0
eval {...} called at -e line 0Olso new share folder doesn't creat in /home/samba/user.

What i have done wrong, i had install this from this FAQ http://trac.ebox-platform.com/wiki/Document/HowTo/EBoxMasterSlaveSetup

[isaac]

Uhm, not sure

Can you run, replacing username with the name of one of your users and dc=hardy with your DN, this:

Code: [Select]

sudo slapcat -F /etc/ldap/slapd-replica.d/ -s 'uid=username,ou=Users,dc=hardy'

sudo slapcat -F /etc/ldap/slapd-translucent.d/ -s 'uid=username,ou=Users,dc=hardy'

ldapsearch -D 'cn=ebox,dc=hardy2' -H 'ldap://127.0.0.1:1390/' -x -w $(sudo cat /var/lib/ebox/conf/ebox-ldap.passwd) -b 'uid=username,ou=Users,dc=hardy'

ldapsearch -D 'cn=ebox,dc=hardy2' -H 'ldap://127.0.0.1:1390/' -x -w $(sudo cat /var/lib/ebox/conf/ebox-ldap.passwd) -b 'uid=username,ou=Users,dc=hardy' sambaAcctFlags
and paste the output here?

Thanks

[zergius]

Here is out:

Code: [Select]

sudo slapcat -F /etc/ldap/slapd-replica.d/ -s 'uid=test,ou=Users,dc=kodi,dc=local'
slapcat: slap_init no backend for "uid=test,ou=Users,dc=kodi,dc=local"


Code: [Select]

sudo slapcat -F /etc/ldap/slapd-translucent.d/ -s 'uid=test,ou=Users,dc=kodi,dc=local'
slapcat: slap_init no backend for "uid=test,ou=Users,dc=kodi,dc=local"

Code: [Select]

ldapsearch -D 'cn=ebox,dc=kodi,dc=local' -H 'ldap://127.0.0.1:1390/' -x -w $(sudo cat /var/lib/ebox/conf/ebox-ldap.passwd) -b 'uid=test,ou=Users,dc=kodi,dc=local'
ldap_bind: Invalid credentials (49)

Code: [Select]

ldapsearch -D 'cn=ebox,dc=kodi,dc=local' -H 'ldap://127.0.0.1:1390/' -x -w $(sudo cat /var/lib/ebox/conf/ebox-ldap.passwd) -b 'uid=test,ou=Users,dc=kodi,dc=local' sambaAcctFlags
ldap_bind: Invalid credentials (49)
I think something realy wrong...

[isaac]

Uhm, just run:

Code: [Select]

% sudo slapcat -F /etc/ldap/slapd-replica.d | head
and see what does that output.

[zergius]

Here is it:

Code: [Select]

sudo slapcat -F /etc/ldap/slapd-replica.d | head
dn: dc=ldap,dc=kodi,dc=local
structuralObjectClass: glue
objectClass: top
objectClass: glue
entryUUID: 284ce4fa-a901-102e-8276-514b5f009df6
creatorsName: cn=ebox,dc=ldap,dc=kodi,dc=local
createTimestamp: 20100208122324Z
entryCSN: 20100208122324.079157Z#000000#000#000000
modifiersName: cn=ebox,dc=ldap,dc=kodi,dc=local
modifyTimestamp: 20100208122324Z
slapcat: error writing output.

[isaac]

Ok, as you can see from there your DN is:

Code: [Select]

dc=ldap,dc=kodi,dc=local
not just dc=kodi,dc=local.

Try again all the commands I wrote before using the proper DN ('dc=ldap,dc=kodi,dc=local') that is, adding 'dc=ldap' there.

[zergius]

Code: [Select]

sudo slapcat -F /etc/ldap/slapd-replica.d/ -s 'uid=test,ou=Users,dc=ldap,dc=kodi,dc=local'
dn: uid=test,ou=Users,dc=ldap,dc=kodi,dc=local
cn: first last
uid: test
sn: last
uidNumber: 2001
gidNumber: 1901
homeDirectory: /nonexistent
userPassword:: e1NIQX1qTElqZlFaNXlvamJaR1RxeGcycFkwVlJPV1E9
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: passwordHolder
eboxSha1Password: {SHA}jLIjfQZ5yojbZGTqxg2pY0VROWQ=
eboxMd5Password: {MD5}gnzLDuqKcGxMNKFokfhOew==
eboxLmPassword: AEBD4DE384C7EC43AAD3B435B51404EE
eboxNtPassword: 7A21990FCD3D759941E45C490F143D5F
eboxDigestPassword: {MD5}kNEjvJZpIxeUJZ7fZUYRyg==
eboxRealmPassword: {MD5}90d123bc9669231794259edf654611ca
structuralObjectClass: inetOrgPerson
entryUUID: 51a56d1e-a905-102e-8ba5-991f8442c7a4
creatorsName: cn=ebox,dc=ldap,dc=kodi,dc=local
createTimestamp: 20100208135511Z
givenName: first
description: test
entryCSN: 20100208135511.360681Z#000000#000#000000
modifiersName: cn=ebox,dc=ldap,dc=kodi,dc=local
modifyTimestamp: 20100208135511Z


Code: [Select]

sudo slapcat -F /etc/ldap/slapd-translucent.d/ -s 'uid=test,ou=Users,dc=ldap,dc=kodi,dc=local'said nothing... =((

Code: [Select]

ldapsearch -D 'cn=ebox,dc=ldap,dc=kodi,dc=local' -H 'ldap://127.0.0.1:1390/' -x -w $(sudo cat /var/lib/ebox/conf/ebox-ldap.passwd) -b 'uid=test,ou=Users,dc=ldap,dc=kodi,dc=local'
# extended LDIF
#
# LDAPv3
# base <uid=test,ou=Users,dc=ldap,dc=kodi,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# test, Users, ldap.kodi.local
dn: uid=test,ou=Users,dc=ldap,dc=kodi,dc=local
cn: first last
uid: test
sn: last
uidNumber: 2001
gidNumber: 1901
homeDirectory: /nonexistent
userPassword:: e1NIQX1qTElqZlFaNXlvamJaR1RxeGcycFkwVlJPV1E9
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: passwordHolder
eboxSha1Password: {SHA}jLIjfQZ5yojbZGTqxg2pY0VROWQ=
eboxMd5Password: {MD5}gnzLDuqKcGxMNKFokfhOew==
eboxLmPassword: AEBD4DE384C7EC43AAD3B435B51404EE
eboxNtPassword: 7A21990FCD3D759941E45C490F143D5F
eboxDigestPassword: {MD5}kNEjvJZpIxeUJZ7fZUYRyg==
eboxRealmPassword: {MD5}90d123bc9669231794259edf654611ca
givenName: first
description: test

# search result
search: 2
result: 32 No such object

# numResponses: 2
# numEntries: 1


Code: [Select]

ldapsearch -D 'cn=ebox,dc=ldap,dc=kodi,dc=local' -H 'ldap://127.0.0.1:1390/' -x -w $(sudo cat /var/lib/ebox/conf/ebox-ldap.passwd) -b 'uid=test,ou=Users,dc=ldap,dc=kodi,dc=local' sambaAcctFlags
# extended LDIF
#
# LDAPv3
# base <uid=test,ou=Users,dc=ldap,dc=kodi,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: sambaAcctFlags
#

# test, Users, ldap.kodi.local
dn: uid=test,ou=Users,dc=ldap,dc=kodi,dc=local

# search result
search: 2
result: 32 No such object

# numResponses: 2
# numEntries: 1


[isaac]

Ok, as I said, the master uses SOAP to call a method in the slave so it runs some actions, apparently they haven't been run. Can you check in the master in Users and Groups => Slave status if you have some pending actions?

Cheers!

[zergius]

Yap, on the master size all changes have been shown:

Code: [Select]

Slave Operation Parameter
samba addUser zerg
samba addGroup IT
samba updateGroup IT
samba updateGroup IT
samba delUser zerg
samba addUser test
samba updateGroup IT
samba addGroup test

[isaac]

Ok, then it's just that the master can't contact the slave to notify these changes. First of all, try if you can access the slave from the master with telnet. In the master run:

Code: [Select]

telnet 192.168.122.204 443
with the appropriate IP address of your slave?

The output should be something like:

Code: [Select]

Trying 192.168.122.204...
Connected to 192.168.122.204.
Escape character is '^]'.
if you can connect properly.

If you can't connect probably you need to change something in the firewall setup so the master can connect to the slave in port 443.

[zergius]

No, it's good in both ways, master to slave and slave to master... But the same way it dosn't work... =((

[isaac]

Ok, then run:

Code: [Select]

sudo tail -f /var/log/ebox/ebox.log
in both the master and the slave and then in another terminal in the master run:

Code: [Select]

sudo /usr/share/ebox-usersandgroups/slave-sync
.

And paste here the output produced in the log files.

[zergius]

There was this error on master size:

Code: [Select]

2010/02/09 12:00:05 DEBUG> SOAPClient.pm:108 EBox::SOAPClient::__ANON__ - 500 Can't connect to samba:443 (Bad hostname 'samba')
So i go to my dns (eBox 1.2), add master and slave names and IPs there, and everithings go fine... But i think it's not best way... Can i rewrite this somewhere?

And one more, while i try all of this on master i create some groups and users and now i have this in logs on master:

Code: [Select]

2010/02/09 12:15:07 ERROR> SOAPClient.pm:181 EBox::SOAPClient::AUTOLOAD - Server side: Can't call method "get_value" on an undefined value at /usr/share/perl5/EBox/UsersAndGroups.pm line 604.
2010/02/09 12:15:07 DEBUG> slave-sync:77 main::__ANON__ - Trying to run method addUser with param zerg on slave HASH(0x8daecc0) failed
2010/02/09 12:15:10 ERROR> SOAPClient.pm:181 EBox::SOAPClient::AUTOLOAD - Server side: Can't call method "get_value" on an undefined value at /usr/share/perl5/EBox/UsersAndGroups.pm line 604.
2010/02/09 12:15:10 DEBUG> slave-sync:77 main::__ANON__ - Trying to run method addGroup with param IT on slave HASH(0x8daecc0) failed
2010/02/09 12:15:13 ERROR> SOAPClient.pm:181 EBox::SOAPClient::AUTOLOAD - Server side: Can't call method "get_value" on an undefined value at /usr/share/perl5/EBox/UsersAndGroups.pm line 604.
2010/02/09 12:15:13 DEBUG> slave-sync:77 main::__ANON__ - Trying to run method addUser with param test on slave HASH(0x8daecc0) failed
2010/02/09 12:15:17 ERROR> SOAPClient.pm:181 EBox::SOAPClient::AUTOLOAD - Server side: Can't call method "get_value" on an undefined value at /usr/share/perl5/EBox/UsersAndGroups.pm line 604.
2010/02/09 12:15:17 DEBUG> slave-sync:77 main::__ANON__ - Trying to run method addGroup with param test on slave HASH(0x8daecc0) failed
2010/02/09 12:15:17 DEBUG> slave-sync:77 main::__ANON__ - Trying to run method delGroup with param test on slave HASH(0x8daecc0) failed
2010/02/09 12:15:17 DEBUG> slave-sync:77 main::__ANON__ - Trying to run method delGroup with param IT on slave HASH(0x8daecc0) failed
As i can understand it's not bad, but it's not the best...

[isaac]

Yeah, the master has to be able to resolve the slaves' names, either a DNS or the master's /etc/hosts file are good options.

There seems to be some problems still with actually running the scripts. Does anything show up in the slaves logs?

[zergius]

Salve's logs are empty...