Author Topic: Master/Slave Samba Shares and User Accounts  (Read 10547 times)

axxxcel

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: Master/Slave Samba Shares and User Accounts
« Reply #15 on: October 28, 2010, 07:33:49 pm »
oh realy  :) i give it a try on sunday and report here if it works.
« Last Edit: November 02, 2010, 07:16:28 pm by axxxcel »

axxxcel

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: Master/Slave Samba Shares and User Accounts
« Reply #16 on: November 02, 2010, 04:39:11 pm »
still not working with Users and Groups 2.0.5

in the frontend i get the following error message

Code: [Select]
Einige Module meldeten ein Fehler beim Sichern der Änderungen. Weitere Informationen finden Sie in den Logs in /var/log/ebox/
The following modules failed while saving their changes, their state is unknown: samba
Click here to return to the Dashboard

in /var/log/ebox/ebox.log

Code: [Select]
2010/11/02 16:32:56 ERROR> Sudo.pm:212 EBox::Sudo::_rootError - root command mkdir -p /home/samba/shares/install
chmod 0670 /home/samba/shares/install
chown ebox:__USERS__ /home/samba/shares/install failed.
Error output: chown: invalid group: `ebox:__USERS__'

Command output: .
Exit value: 1
2010/11/02 16:32:56 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: logs
2010/11/02 16:32:57 ERROR> Global.pm:568 EBox::Global::saveAllModules - The following modules failed while saving their changes, their state is unknown: samba

exekias

  • Zentyal Staff
  • Zen Warrior
  • *****
  • Posts: 196
  • Karma: +21/-0
    • View Profile
    • The Big Bug Theory
Re: Master/Slave Samba Shares and User Accounts
« Reply #17 on: November 03, 2010, 01:11:59 pm »
Hi axxxcel,

Is this an slave machine?

axxxcel

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: Master/Slave Samba Shares and User Accounts
« Reply #18 on: November 03, 2010, 01:15:54 pm »
yes.

exekias

  • Zentyal Staff
  • Zen Warrior
  • *****
  • Posts: 196
  • Karma: +21/-0
    • View Profile
    • The Big Bug Theory
Re: Master/Slave Samba Shares and User Accounts
« Reply #19 on: November 03, 2010, 02:53:18 pm »
Hi

The problem is also related with Users and Groups module, in the last days we have done some fixes in order to make NSS and PAM work. We will release a new version of the package as soon as possible, but there are still some things to do...

Best regards

Sepi

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +1/-0
    • View Profile
    • ITcorp Ltd.
Re: Master/Slave Samba Shares and User Accounts
« Reply #20 on: November 03, 2010, 07:58:52 pm »
Hi there,

I think this issue has been fixed with last ebox-samba release, if you want you can give it a try an tell us the result. You will need to reinstall ebox-usersandgroups module and reconfigure samba

Best regards

Hi there,

I tired the new version of ebox-samba within a fresh installation. But unfortunately the result is the same like below... :(
(Before installing the new package I followed the official master-slave documentation.)
I will looking for the solution of this problem, because I have to use master-slave installation in my company network.

Please post here how to be solved this problem...

Many thanks, this system is really well designed and easy to use..

Sepi


eboxbuggy

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +0/-0
    • View Profile
Re: Master/Slave Samba Shares and User Accounts
« Reply #21 on: November 06, 2010, 12:58:34 pm »
slave still not working ... 2.06 i think was the latest as of today 11/6/2010
reinstalled ebox-usersandgroups then tried to enable module this is what i got

Code: [Select]
Trace
Failed to enable: Couldn't bind to LDAP server, result code: 49 at /usr/share/perl5/EBox/CGI/ServiceModule/ConfigureModuleController.pm line 74
EBox::CGI::ServiceModule::ConfigureModuleController::_process('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x25...') called at /usr/share/perl5/EBox/CGI/Base.pm line 262
EBox::CGI::Base::run('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x25...') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run('EBox::CGI::Run', 'ServiceModule/ConfigureModuleController', 'EBox') called at /usr/share/ebox/cgi/ebox.cgi line 35
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0x254167a8)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0x2547ae48)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0x2547ae48)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0x254167a8)') called at -e line 0
eval {...} called at -e line 0

eboxbuggy

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +0/-0
    • View Profile
Re: Master/Slave Samba Shares and User Accounts
« Reply #22 on: November 06, 2010, 01:34:03 pm »
just for fun ...

1) i reinstalled usersandgroups on BOTH master and slave
2) added users on master
3) tried to add slave to master
4) NO JOY

i think 2.0.6 messed up everything   ???

exekias

  • Zentyal Staff
  • Zen Warrior
  • *****
  • Posts: 196
  • Karma: +21/-0
    • View Profile
    • The Big Bug Theory
Re: Master/Slave Samba Shares and User Accounts
« Reply #23 on: November 06, 2010, 04:22:36 pm »
Hi,

Can you please attach your ebox.log file, i'm trying to reproduce this problem

Thank you for your report
Best regards

eboxbuggy

  • Zen Monk
  • **
  • Posts: 89
  • Karma: +0/-0
    • View Profile
Re: Master/Slave Samba Shares and User Accounts
« Reply #24 on: November 06, 2010, 05:44:49 pm »
Hi,

Can you please attach your ebox.log file, i'm trying to reproduce this problem

Thank you for your report
Best regards
that's weird ... it works now ???

good thing i saved this ebox.log file when it was playing with it earlier

hope this helps

can't attach file says folder full
« Last Edit: November 12, 2010, 02:23:21 pm by eboxbuggy »

exekias

  • Zentyal Staff
  • Zen Warrior
  • *****
  • Posts: 196
  • Karma: +21/-0
    • View Profile
    • The Big Bug Theory
Re: Master/Slave Samba Shares and User Accounts
« Reply #25 on: November 07, 2010, 11:10:37 pm »
Hi,

I have detected and fixed a bug in users and groups module, a new version will be released soon.

Meanwhile if you want to give it a try here is the changeset:

http://trac.zentyal.org/changeset/19324

Now master-slave and NSS/PAM problems should be gone!

Best regards and thank you for your report

christian

  • Guest
Re: Master/Slave Samba Shares and User Accounts
« Reply #26 on: November 08, 2010, 10:20:54 am »
Is there any documentation or post explaining what you mean by "master/slave".
This is something I always find a bit confusing with Zentyal, especially when looking at restrictions while running Samba, master, slave etc..

I think I understand LDAP pretty well (I've deployed world wide LDAP infrastructure with custom schema and complex replicaiton scheme) but can't figure why such limitation occurs.
When I tried to investigate a bit more, I came under the impression that what you call "master/slave" is somewhat different from what I understand.

To me, ALL ldap servers being part of master/slave design should have exactly same content in term of schema and entries. The only difference between master and slave is that master accepts updates (entry creation, modiciaiton, delete) while slave works in "read only" mode and sends back referral (to master ldap servers) in case ldap clients tries to write on slave server.

Because of this, I don't understand why such limitation exists in you implementation and I don't understand why Zentyal components are not configured in such a way that one describes what is the main ldap server and what is the failover ldap server. After all, this is the only reason to have master/slave design (plus potentially some security reasons that might push not to have ldap master running on Zentyal server acting as internet gateway).

My approach is more toward users&groups design based on one single LDAP server (that is master), bringing replication capability for failover or performance reasons. Then new Zentyal instance deployment should contain, somewhere, parameter to identify LDAP server it relies on.

Is it standalone LDAP server ? if yes, then this is most likely local master
is it an existing ldap server ? remote ? Then one valid question is to decide whenever local replication (slave) should be deployed, but this is part of LDAP service redundancy, perf etc... not part of service (mail, samba etc) deployment.

So this is how I perceive this kind of deployment but I don't feel this is the way your implementation works but can't find any documentaiton expalining this.
 
Christian

axxxcel

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: Master/Slave Samba Shares and User Accounts
« Reply #27 on: November 09, 2010, 03:01:09 pm »
Hi,

I have detected and fixed a bug in users and groups module, a new version will be released soon.

Meanwhile if you want to give it a try here is the changeset:

http://trac.zentyal.org/changeset/19324

Now master-slave and NSS/PAM problems should be gone!

Best regards and thank you for your report

I Updated the Users and Groups to 2.0.7 on Master and Slave and File Sharing to 2.0.5 on Slave.

Then I setup a new user on the master and replication of this account went well.

But when I try to set up permissions for this user on a samba share i still get errors.

Here is my ebox.log (on slave) showing the update of the modules and the errors when creating permissions:

Code: [Select]
2010/11/09 14:51:20 INFO> ebox-update-packages:84 main::__ANON__ - Read:  Unpacking replacement ebox-samba ...
2010/11/09 14:51:20 INFO> ebox-update-packages:85 main::__ANON__ - R OT:  Unpacking replacement ebox-usersandgroups ...
2010/11/09 14:51:21 INFO> ebox-update-packages:84 main::__ANON__ - Read:  Setting up ebox-usersandgroups (2.0.7) ...
2010/11/09 14:51:21 INFO> ebox-update-packages:85 main::__ANON__ - R OT:  Unpacking replacement ebox-samba ...
2010/11/09 14:51:22 DEBUG> Base.pm:76 EBox::Migration::Base::executeGConf - Skipping migration to 1 in users
2010/11/09 14:51:22 DEBUG> ebox-migrate:43 main::__ANON__ - Subroutine runGConf redefined at (eval 158) line 63, <GEN2> line 2.
2010/11/09 14:51:22 DEBUG> Base.pm:76 EBox::Migration::Base::executeGConf - Skipping migration to 1 in usercorner
2010/11/09 14:51:22 DEBUG> ebox-migrate:43 main::__ANON__ - Subroutine runGConf redefined at (eval 160) line 44, <GEN2> line 3.
2010/11/09 14:51:22 DEBUG> Base.pm:76 EBox::Migration::Base::executeGConf - Skipping migration to 3 in users
2010/11/09 14:51:22 DEBUG> ebox-migrate:43 main::__ANON__ - Subroutine runGConf redefined at (eval 161) line 44, <GEN2> line 4.
2010/11/09 14:51:22 DEBUG> Base.pm:76 EBox::Migration::Base::executeGConf - Skipping migration to 4 in users
2010/11/09 14:51:22 DEBUG> ebox-migrate:43 main::__ANON__ - Subroutine runGConf redefined at (eval 162) line 48, <GEN2> line 5.
2010/11/09 14:51:22 DEBUG> Base.pm:76 EBox::Migration::Base::executeGConf - Skipping migration to 5 in users
2010/11/09 14:51:22 INFO> Service.pm:705 EBox::Module::Service::restartService - Restarting service for module: users
2010/11/09 14:51:24 INFO> ebox-update-packages:84 main::__ANON__ - Read:  Setting up ebox-samba (2.0.5) ...
2010/11/09 14:51:24 INFO> ebox-update-packages:85 main::__ANON__ - R OT:  Setting up ebox-usersandgroups (2.0.7) ...
2010/11/09 14:51:24 DEBUG> Base.pm:76 EBox::Migration::Base::executeGConf - Skipping migration to 1 in samba
2010/11/09 14:51:24 DEBUG> ebox-migrate:43 main::__ANON__ - Subroutine runGConf redefined at (eval 183) line 44, <GEN2> line 2.
2010/11/09 14:51:24 DEBUG> Base.pm:76 EBox::Migration::Base::executeGConf - Skipping migration to 2 in samba
2010/11/09 14:51:26 INFO> Service.pm:705 EBox::Module::Service::restartService - Restarting service for module: apache
2010/11/09 14:51:27 INFO> ebox-apache-restart:52 main:: - Waiting for apache to shutdown, attempt 0
2010/11/09 14:51:29 INFO> ebox-update-packages:84 main::__ANON__ - Read: end
2010/11/09 14:51:29 INFO> ebox-update-packages:85 main::__ANON__ - R OT:  Setting up ebox-samba (2.0.5) ...
2010/11/09 14:51:29 INFO> ebox-update-packages:110 main::__ANON__ - End packages installation
2010/11/09 14:51:29 INFO> Redis.pm:584 EBox::Config::Redis::_initRedis - Starting redis server
2010/11/09 14:51:46 INFO> Global.pm:471 EBox::Global::saveAllModules - Saving config and restarting services: firewall
2010/11/09 14:51:46 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: firewall
2010/11/09 14:51:47 INFO> Base.pm:798 EBox::Module::Base::_hook - Running hook: /etc/ebox/hooks/firewall.postservice 1
2010/11/09 14:52:31 DEBUG> UsersAndGroups.pm:2803 EBox::UsersAndGroups::waitSync - Master users: 2
2010/11/09 14:52:31 DEBUG> UsersAndGroups.pm:2804 EBox::UsersAndGroups::waitSync - Replica users: 2
2010/11/09 14:52:31 DEBUG> UsersAndGroups.pm:2805 EBox::UsersAndGroups::waitSync - Master groups: 10
2010/11/09 14:52:31 DEBUG> UsersAndGroups.pm:2806 EBox::UsersAndGroups::waitSync - Replica groups: 10
2010/11/09 14:52:31 ERROR> Ldap.pm:697 EBox::Ldap::_errorOnLdap - $VAR1 = 'uid=mustermann,ou=Users,dc=svl00,dc=nmt,dc=lan';
2010/11/09 14:52:31 ERROR> Ldap.pm:699 EBox::Ldap::_errorOnLdap - Unknown error at EBox::UsersAndGroups::__ANON__ Referral received
2010/11/09 14:52:31 ERROR> Sudo.pm:212 EBox::Sudo::_rootError - root command /usr/bin/test -d '/home/samba/profiles/mustermann' failed.
Error output:
Command output: .
Exit value: 1
2010/11/09 14:52:31 ERROR> Sudo.pm:212 EBox::Sudo::_rootError - root command /usr/bin/test -d '/home/samba/profiles/mustermann.V2' failed.
Error output:
Command output: .
Exit value: 1
2010/11/09 14:53:01 INFO> Global.pm:471 EBox::Global::saveAllModules - Saving config and restarting services: firewall samba logs
2010/11/09 14:53:01 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: firewall
2010/11/09 14:53:02 INFO> Base.pm:798 EBox::Module::Base::_hook - Running hook: /etc/ebox/hooks/firewall.postservice 1
2010/11/09 14:53:02 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: samba
2010/11/09 14:53:03 ERROR> Sudo.pm:212 EBox::Sudo::_rootError - root command mkdir -p /home/samba/shares/install
chmod 0670 /home/samba/shares/install
chown ebox:__USERS__ /home/samba/shares/install failed.
Error output: chown: invalid group: `ebox:__USERS__'

Command output: .
Exit value: 1
2010/11/09 14:53:03 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: logs
2010/11/09 14:53:03 ERROR> Global.pm:568 EBox::Global::saveAllModules - The following modules failed while saving their changes, their state is unknown: samba
2010/11/09 14:53:40 INFO> Global.pm:471 EBox::Global::saveAllModules - Saving config and restarting services: firewall samba logs
2010/11/09 14:53:40 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: firewall
2010/11/09 14:53:41 INFO> Base.pm:798 EBox::Module::Base::_hook - Running hook: /etc/ebox/hooks/firewall.postservice 1
2010/11/09 14:53:41 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: samba
2010/11/09 14:53:42 ERROR> Sudo.pm:212 EBox::Sudo::_rootError - root command mkdir -p /home/samba/shares/install
chmod 0670 /home/samba/shares/install
chown ebox:__USERS__ /home/samba/shares/install failed.
Error output: chown: invalid group: `ebox:__USERS__'

« Last Edit: November 09, 2010, 06:11:02 pm by axxxcel »

exekias

  • Zentyal Staff
  • Zen Warrior
  • *****
  • Posts: 196
  • Karma: +21/-0
    • View Profile
    • The Big Bug Theory
Re: Master/Slave Samba Shares and User Accounts
« Reply #28 on: November 10, 2010, 03:41:30 pm »
Hi axxxcel,

If you did not a full reinstall you will need to run this script in slave(s):

Code: [Select]
/usr/share/ebox-usersandgroups/zentyal-rejoin-slave


Give it a try and save samba changes again, and don't forget to tell us if this worked for you ;)

Thank you for your report

axxxcel

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: Master/Slave Samba Shares and User Accounts
« Reply #29 on: November 10, 2010, 05:04:45 pm »
After i called the script i cant setup permissions in the frontend without an error.

I added a new share daten and only give the group "adminstratoren" access to this share and another share "install" with guest access and one user "mustermann"

But in the ebox.log errors still show up:

Code: [Select]
2010/11/10 16:41:38 DEBUG> SambaShares.pm:321 EBox::Samba::Model::SambaShares::createDirs - setfacl -m  /home/samba/shares/daten and setfacl -m d: /home/samba/shares/daten
2010/11/10 16:41:38 ERROR> Sudo.pm:212 EBox::Sudo::_rootError - root command setfacl -m  /home/samba/shares/daten failed.
Error output: setfacl: Option -m: Invalid argument near character 1

Command output: .
Exit value: 2
2010/11/10 16:41:38 DEBUG> SambaShares.pm:326 EBox::Samba::Model::SambaShares::__ANON__ - Couldn't enable ACLs for /home/samba/shares/daten
2010/11/10 16:41:38 DEBUG> SambaShares.pm:321 EBox::Samba::Model::SambaShares::createDirs - setfacl -m u:mustermann:rx /home/samba/shares/install and setfacl -m d:u:mustermann:rx /home/samba/shares/install
2010/11/10 16:41:38 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: logs
2010/11/10 16:51:06 INFO> Global.pm:471 EBox::Global::saveAllModules - Saving config and restarting services: firewall samba logs
2010/11/10 16:51:06 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: firewall
2010/11/10 16:51:07 INFO> Base.pm:798 EBox::Module::Base::_hook - Running hook: /etc/ebox/hooks/firewall.postservice 1
2010/11/10 16:51:07 INFO> Base.pm:151 EBox::Module::Base::save - Restarting service for module: samba
2010/11/10 16:51:08 DEBUG> SambaShares.pm:321 EBox::Samba::Model::SambaShares::createDirs - setfacl -m  /home/samba/shares/daten and setfacl -m d: /home/samba/shares/daten
2010/11/10 16:51:08 ERROR> Sudo.pm:212 EBox::Sudo::_rootError - root command setfacl -m  /home/samba/shares/daten failed.
Error output: setfacl: Option -m: Invalid argument near character 1

Command output: .
Exit value: 2
2010/11/10 16:51:08 DEBUG> SambaShares.pm:326 EBox::Samba::Model::SambaShares::__ANON__ - Couldn't enable ACLs for /home/samba/shares/daten

The result is, that i can browse the resources of the server, but cant access the share "daten".