Author Topic: eBox .11.2 PDC part looks broken  (Read 3841 times)

heyste

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
eBox .11.2 PDC part looks broken
« on: January 02, 2008, 11:46:46 pm »
Hi Everyone,

Anyone else had a problem with a clean install of 0.11.2 and joining PCs to the Samba PDC ? I have a working setup of 0.10 .When I try to join my 0.11.2 PDC the client can't find the PDC but with my 0.10 PDC it works 100%.

Used nbtstat -A {eBox_ip_address} and got the following <snipped> results.

eBox 0.11.2
           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    SERVER3        <00>  UNIQUE      Registered
    SERVER3        <03>  UNIQUE      Registered
    SERVER3        <20>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
    EBOX           <00>  GROUP       Registered
    EBOX           <1C>  GROUP       Registered
    EBOX           <1E>  GROUP       Registered

eBox 0.10
           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    SERVER4        <00>  UNIQUE      Registered
    SERVER4        <03>  UNIQUE      Registered
    SERVER4        <20>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
    EBOX4          <00>  GROUP       Registered
    EBOX4          <1B>  UNIQUE      Registered
    EBOX4          <1C>  GROUP       Registered
    EBOX4          <1D>  UNIQUE      Registered
    EBOX4          <1E>  GROUP       Registered

The magic item missing from 0.11.2 is "<1B>  UNIQUE      Registered" which fits some of the info listed here.
Also, I used WireShark to check the traffic between the client and eBox. The client is doing a netbios name query for the Domain <1B>, which it can't find due to the missing <1B> not been advertised by eBox. Hopefully, this can be confirmed soon and fixed ;D

The project looks promising and Thanks for the effort so far eBox Guys !

Best Regards,
Stephen



jcanfield

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +2/-0
    • View Profile
Re: eBox .11.2 PDC part looks broken
« Reply #1 on: January 03, 2008, 04:23:51 pm »
I think this stems from a uidNumber bug I have noticed in the latest version.  Chances are you have duplicate uidNumbers for the Machine account.  I'm just guessing at this point, but I plan on spending some time on it this weekend.  Should be pretty straight forward samba stuff.

Go ahead and do a "slapcat|grep uidNumber" and see if you have any duplicates.  If you do...that might be an indication.

Jim
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius...and a lot of courage - to move in the opposite direction."  --  Albert Einstein

austin

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: eBox .11.2 PDC part looks broken
« Reply #2 on: January 03, 2008, 07:32:22 pm »
I am also having the same issue.. the I did the slapcat|grep and it turns out that I do have duplicate UID numbers.. now what should I do?  *consults samba docs*

# slapcat|grep uidNumbe
/etc/ldap/slapd.conf: line 57: rootdn is always granted unlimited privileges.
bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ebox/ldap: (2)
Expect poor performance for suffix dc=ebox.
uidNumber: 2001
uidNumber: 2001

javi

  • Zen Hero
  • *****
  • Posts: 1042
  • Karma: +0/-0
    • View Profile
Re: eBox .11.2 PDC part looks broken
« Reply #3 on: January 03, 2008, 11:13:12 pm »
Hi,

I'll try to reproduce your issue during tomorrow and I'll get back to you as soon as I figure out what's happening.

You'll have an answer tomorrow :)

austin

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: eBox .11.2 PDC part looks broken
« Reply #4 on: January 03, 2008, 11:24:20 pm »
thanks javi! let me know if you need me to test anything

jcanfield

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +2/-0
    • View Profile
Re: eBox .11.2 PDC part looks broken
« Reply #5 on: January 04, 2008, 02:42:17 am »
I am also having the same issue.. the I did the slapcat|grep and it turns out that I do have duplicate UID numbers.. now what should I do? 

I thought that might be the case.  The fix is simple, but it requires some changes of your LDAP tree.  The simplest way to do this with a LDAP admin tool like phpldapadmin. I've become so spoiled with ldap tools, I've forgotten much of the command line syntax...forgive me! :)

Here's some phpldapadmin instructions:

1) Install phpldapadmin on a client computer.

2) Edit two lines in the conig.php (Assuming ebox ip is 192.168.1.1)
Code: [Select]
/* Examples:
   'ldap.example.com',
   'ldaps://ldap.example.com/',
   'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
           (Unix socket at /usr/local/var/run/ldap) */
$ldapservers->SetValue($i,'server','host','192.168.1.1');

/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
   auto-detect it for you. */
$ldapservers->SetValue($i,'server','base',array('dc=ebox'));

3) Open phpldapadmin in browser and authenticate to ebox server using admindn (cn=admin,dc=ebox).  [See attachment screenshot]

4)  Browse to Computers->YOUR_COMPUTER->change the uidNumber to something higher...to be safe change it to 2100.

If i spend about ten minutes I can whip out the ldap commad line of need be.

regards,


Jim








"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius...and a lot of courage - to move in the opposite direction."  --  Albert Einstein

javi

  • Zen Hero
  • *****
  • Posts: 1042
  • Karma: +0/-0
    • View Profile
Re: eBox .11.2 PDC part looks broken
« Reply #6 on: January 04, 2008, 02:49:58 pm »
Hi again,

I've just tested the PDC thing and I haven't been able to reproduce your bug. I successfully added one machine to the domain using a user with administration privileges, and I could log into the domain with a normal user from the Windows XP machine.

Regarding the uidNumber issue, I noticed that if you add the machine to the domain through windows XP -add machine to domain, prompted user/pass- the uidNumber is used correctly by samba and it does not reuse it even if the entry in sambaDomainName contains an already used number.

I would need more info like describing very accurately the steps you follow to try reproduce the problem.


jcanfield

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +2/-0
    • View Profile
Re: eBox .11.2 PDC part looks broken
« Reply #7 on: January 04, 2008, 03:15:15 pm »
Well, we know the PDC won't update the uidumber if you join another samba machine to the domain.  Perhaps those having the issue have also tried to add a samba domain member.  I actually haven't added any windows machines to my domain here,  so I don't actually have the issue duplicated either.

"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius...and a lot of courage - to move in the opposite direction."  --  Albert Einstein

austin

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: eBox .11.2 PDC part looks broken
« Reply #8 on: January 04, 2008, 07:07:47 pm »
thanks for the tips.. Ill give this stuff a go this evening..

jcanfield

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +2/-0
    • View Profile
Re: eBox .11.2 PDC part looks broken
« Reply #9 on: January 04, 2008, 07:14:34 pm »
Javi fixed this....

http://people.warp.es/~javi/ebox-usersandgroups_0.11.3_all.deb

1) install the .deb (dpkg -i ebox-usersandgroups_0.11.3_all.deb)
2) /etc/init.d/ebox apache restart

This won't replace existing duplicates, but will prevent it from happening again.




« Last Edit: January 05, 2008, 03:18:42 am by jcanfield »
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius...and a lot of courage - to move in the opposite direction."  --  Albert Einstein

austin

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: eBox .11.2 PDC part looks broken
« Reply #10 on: January 15, 2008, 07:25:43 pm »
when installing the pdc patch.. I saw this...

pdc800:~# dpkg -i ebox-usersandgroups_0.11.3_all.deb
(Reading database ... 24986 files and directories currently installed.)
Preparing to replace ebox-usersandgroups 0.11.2 (using ebox-usersandgroups_0.11.3_all.deb) ...
Unpacking replacement ebox-usersandgroups ...
Setting up ebox-usersandgroups (0.11.3) ...
Stopping OpenLDAP: slapd.
Can't use string ("/ebox/modules/services/serviceTa") as a HASH ref while "strict refs" in use at /usr/share/perl5/EBox/GConfModule.pm line 416.
Starting OpenLDAP: slapd.




I feel I remember seeing this error somewhere else as well...
Can't use string ("/ebox/modules/services/serviceTa") as a HASH ref while "strict refs" in use at /usr/share/perl5/EBox/GConfModule.pm line 416.

timeJunky

  • Zen Apprentice
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: eBox .11.2 PDC part looks broken
« Reply #11 on: January 20, 2008, 01:44:24 pm »
suffering on the same bug with hash on
/ebox-ro/modules/network/data_ve

but different line #
/usr/share/perl5/EBox/GConfModule.pm line 916


any solution?


« Last Edit: January 20, 2008, 01:53:47 pm by timeJunky »

javi

  • Zen Hero
  • *****
  • Posts: 1042
  • Karma: +0/-0
    • View Profile
Re: eBox .11.2 PDC part looks broken
« Reply #12 on: January 20, 2008, 04:07:32 pm »
Could you send me a bug report please to try reproduce that?

juruen at warp dot es