Author Topic: 1.4 slave usersandgroups nasty bug  (Read 6817 times)

philmills

  • Zen Warrior
  • ***
  • Posts: 161
  • Karma: +8/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #15 on: February 16, 2010, 09:10:38 am »
It should also be noted that without the ability to enable a samba administrator, its not possible to get any windows computers to join the samba domain.

can79

  • Zen Apprentice
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #16 on: February 17, 2010, 04:33:22 am »
and still no solution?

philmills

  • Zen Warrior
  • ***
  • Posts: 161
  • Karma: +8/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #17 on: February 17, 2010, 02:00:51 pm »
seems not... are we all shouting into space?

isaac

  • Zen Warrior
  • ***
  • Posts: 148
  • Karma: +0/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #18 on: February 17, 2010, 03:47:29 pm »
Your problem is duly noted and I'll have a look at it as soon as I have some time.

Cheers!

Saturn2888

  • Zen Hero
  • *****
  • Posts: 707
  • Karma: +1/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #19 on: February 17, 2010, 04:30:31 pm »
Another thing I don't understand. You can't get computers to login the domain so long as no one has the admin checkbox?

isaac

  • Zen Warrior
  • ***
  • Posts: 148
  • Karma: +0/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #20 on: February 17, 2010, 09:53:44 pm »
To all the space shouters out there, I think I just fixed the problem in the SVN.

It should be fixed in the next release, just wait for the next update of ebox-usersandgroups.

Please note that you might have problems with a given user if you already tried to set it as admin.

You can fix that by installing ldapvi in the slave:
Code: [Select]
sudo apt-get install ldapvi
,
running:
Code: [Select]
ldapvi -D "cn=ebox,dc=hardy4" --bind simple -w $(sudo cat /var/lib/ebox/conf/ebox-ldap.passwd) -b "dc=hardy4"
with your DN instead of dc=hardy4 (you can check it in the LDAP Info section in the master).

This will launch an editor with the content of your LDAP slave and there you should delete the memberUid: lines from the Domain Admins and Administrators groups. Save changes and then you should be able to set users as admin without any problem.

Remember you have to wait for the new ebox-usersandgroups update.

Cheers and sorry about this problem :)
« Last Edit: February 18, 2010, 12:23:44 am by isaac »

philmills

  • Zen Warrior
  • ***
  • Posts: 161
  • Karma: +8/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #21 on: February 18, 2010, 02:43:31 pm »
thanks isaac - much appreciated!

eboxbuggy

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +0/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #22 on: February 20, 2010, 11:51:02 am »
i can confirm deleting member uid does not work. giving a user "admin" access in ebox gives this error
Code: [Select]
A really nasty bug has occurred
Exception
Unknown error at EBox::UsersAndGroups::addUserToGroup Referral received
Trace
Unknown error at EBox::UsersAndGroups::addUserToGroup Referral received at /usr/share/perl5/EBox/Ldap.pm line 712
EBox::Ldap::_errorOnLdap('Net::LDAP::Modify=HASH(0xb943d24)', 'HASH(0xb8bfee4)') called at /usr/share/perl5/EBox/Ldap.pm line 373
EBox::Ldap::modify('EBox::Ldap=HASH(0xa1d07f8)', 'cn=Domain Admins,ou=Groups,dc=server,dc=domain,dc=com', 'HASH(0xb8bfee4)') called at /usr/share/perl5/EBox/UsersAndGroups.pm line 1732
EBox::UsersAndGroups::addUserToGroup('EBox::UsersAndGroups=HASH(0x9f16088)', 'adminuser', 'Domain Admins') called at /usr/share/perl5/EBox/Samba.pm line 844
EBox::Samba::setAdminUser('EBox::Samba=HASH(0xa6bb4bc)', 'adminuser', 'yes') called at /usr/share/perl5/EBox/CGI/Samba/ActiveSharing.pm line 79
EBox::CGI::Samba::ActiveSharing::_user('EBox::CGI::Samba::ActiveSharing=HASH(0xb95fc6c)') called at /usr/share/perl5/EBox/CGI/Samba/ActiveSharing.pm line 86
EBox::CGI::Samba::ActiveSharing::_process('EBox::CGI::Samba::ActiveSharing=HASH(0xb95fc6c)') called at /usr/share/perl5/EBox/CGI/Base.pm line 262
EBox::CGI::Base::run('EBox::CGI::Samba::ActiveSharing=HASH(0xb95fc6c)') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run('EBox::CGI::Run', 'Samba/ActiveSharing', 'EBox') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0xb94337c)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0xb8c0b08)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0xb8c0b08)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0xb94337c)') called at -e line 0
eval {...} called at -e line 0

if i go back to editing, memberUid:adminuser is there. i now try to join domain in winxp. login failure or access denied

edit: i manually added the adminuser both in administrators & domain admin and can now login.

another problem though: i can only login the domain with admin user. normal users cannot login. check domain and password error
« Last Edit: February 20, 2010, 12:28:24 pm by eboxbuggy »

eboxbuggy

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +0/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #23 on: February 20, 2010, 12:21:30 pm »
 ??? philmills you said your LDAP works both on master/slave right? new users & groups added in master are updated on the slave right? I thought mine did until I tried to edit the group on the slave.

Code: [Select]
A really nasty bug has occurred
Exception
Can't call method "get_value" on an undefined value
Trace
Can't call method "get_value" on an undefined value at /usr/share/perl5/EBox/SambaLdapUser.pm line 740.

Can you try checking groups please?

edit: ;D I think I had too much coffee today. LDAP Slave Groups now work by removing samba ;D
« Last Edit: February 20, 2010, 12:40:31 pm by eboxbuggy »

philmills

  • Zen Warrior
  • ***
  • Posts: 161
  • Karma: +8/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #24 on: February 22, 2010, 11:01:54 am »
I can see users and groups in both master and slave
My understanding though is that user and group changes should be made on the master not on the slave. the synchronisation between master and slave is not two-way, but rather is one way: Master -> Slave.  I'm not sure we can assume that Master/Slave works like PDC/BDC relationship in Windows server in respect to user accounts and groups...

Can any ebox team please confirm my understanding is correct?

Removing samba on the slave in order to get LDAP groups working, in my opinion renders the slave as good as useless, in that I'll be left with a slave which does nothing at all. Its bad enough that i can't run samba on the master. If its not on the slave either, then i may as well not have any servers at all.
« Last Edit: February 22, 2010, 11:04:27 am by philmills »

isaac

  • Zen Warrior
  • ***
  • Posts: 148
  • Karma: +0/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #25 on: February 22, 2010, 11:42:21 am »
An eBox will always act as a PDC whether it is a standalone eBox or a slave eBox.

ebox-usersandgroups 1.4.3 is already available in the repository and contains the fix I did.

philmills

  • Zen Warrior
  • ***
  • Posts: 161
  • Karma: +8/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #26 on: February 22, 2010, 03:09:50 pm »
great  - thanks, i'll try it out

eboxbuggy

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +0/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #27 on: February 22, 2010, 03:47:51 pm »
had some errors on dist-upgrade
Code: [Select]
Setting up ebox-ca (1.4.1-0ubuntu1~ppa1~hardy1) ...
Use of uninitialized value in subroutine entry at /usr/share/perl5/EBox/Gettext.pm line 48.
Use of uninitialized value in subroutine entry at /usr/share/perl5/EBox/Gettext.pm line 49.
Use of uninitialized value in subroutine entry at /usr/share/perl5/EBox/Gettext.pm line 72.

testing samba ldap slave now will report results after  ;D crossfingers

eboxbuggy

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +0/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #28 on: February 22, 2010, 04:41:35 pm »
woot  ;D

samba pdc on slave now working ... thanks I can now sleep soundly tonight  ;D

isaac

  • Zen Warrior
  • ***
  • Posts: 148
  • Karma: +0/-0
    • View Profile
Re: 1.4 slave usersandgroups nasty bug
« Reply #29 on: February 22, 2010, 04:43:50 pm »
Good :)