Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: heyste on January 02, 2008, 11:46:46 pm

Title: eBox .11.2 PDC part looks broken
Post by: heyste on January 02, 2008, 11:46:46 pm

Hi Everyone,

Anyone else had a problem with a clean install of 0.11.2 and joining PCs to the Samba PDC ? I have a working setup of 0.10 .When I try to join my 0.11.2 PDC the client can't find the PDC but with my 0.10 PDC it works 100%.

Used nbtstat -A {eBox_ip_address} and got the following <snipped> results.

eBox 0.11.2
           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    SERVER3        <00>  UNIQUE      Registered
    SERVER3        <03>  UNIQUE      Registered
    SERVER3        <20>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
    EBOX           <00>  GROUP       Registered
    EBOX           <1C>  GROUP       Registered
    EBOX           <1E>  GROUP       Registered

eBox 0.10
           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    SERVER4        <00>  UNIQUE      Registered
    SERVER4        <03>  UNIQUE      Registered
    SERVER4        <20>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
    EBOX4          <00>  GROUP       Registered
    EBOX4          <1B>  UNIQUE      Registered
    EBOX4          <1C>  GROUP       Registered
    EBOX4          <1D>  UNIQUE      Registered
    EBOX4          <1E>  GROUP       Registered

The magic item missing from 0.11.2 is "<1B>  UNIQUE      Registered" which fits some of the info listed here (http://www.microsoft.com/technet/archive/winntas/plan/capacityplanning/a02_sync.mspx?mfr=true).
Also, I used WireShark (http://www.wireshark.org/) to check the traffic between the client and eBox. The client is doing a netbios name query for the Domain <1B>, which it can't find due to the missing <1B> not been advertised by eBox. Hopefully, this can be confirmed soon and fixed ;D

The project looks promising and Thanks for the effort so far eBox Guys !

Best Regards,
Stephen

Title: Re: eBox .11.2 PDC part looks broken
Post by: jcanfield on January 03, 2008, 04:23:51 pm

I think this stems from a uidNumber bug I have noticed in the latest version.  Chances are you have duplicate uidNumbers for the Machine account.  I'm just guessing at this point, but I plan on spending some time on it this weekend.  Should be pretty straight forward samba stuff.

Go ahead and do a "slapcat|grep uidNumber" and see if you have any duplicates.  If you do...that might be an indication.

Jim

Title: Re: eBox .11.2 PDC part looks broken
Post by: austin on January 03, 2008, 07:32:22 pm

I am also having the same issue.. the I did the slapcat|grep and it turns out that I do have duplicate UID numbers.. now what should I do?  *consults samba docs*

# slapcat|grep uidNumbe
/etc/ldap/slapd.conf: line 57: rootdn is always granted unlimited privileges.
bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ebox/ldap: (2)
Expect poor performance for suffix dc=ebox.
uidNumber: 2001
uidNumber: 2001

Title: Re: eBox .11.2 PDC part looks broken
Post by: javi on January 03, 2008, 11:13:12 pm

Hi,

I'll try to reproduce your issue during tomorrow and I'll get back to you as soon as I figure out what's happening.

You'll have an answer tomorrow :)

Title: Re: eBox .11.2 PDC part looks broken
Post by: austin on January 03, 2008, 11:24:20 pm

thanks javi! let me know if you need me to test anything

Title: Re: eBox .11.2 PDC part looks broken
Post by: jcanfield on January 04, 2008, 02:42:17 am

Quote from: austin on January 03, 2008, 07:32:22 pm

I am also having the same issue.. the I did the slapcat|grep and it turns out that I do have duplicate UID numbers.. now what should I do? 

I thought that might be the case.  The fix is simple, but it requires some changes of your LDAP tree.  The simplest way to do this with a LDAP admin tool like phpldapadmin. I've become so spoiled with ldap tools, I've forgotten much of the command line syntax...forgive me! :)

Here's some phpldapadmin instructions:

1) Install phpldapadmin on a client computer.

2) Edit two lines in the conig.php (Assuming ebox ip is 192.168.1.1)

Code: [Select]

/* Examples:
   'ldap.example.com',
   'ldaps://ldap.example.com/',
   'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
           (Unix socket at /usr/local/var/run/ldap) */
$ldapservers->SetValue($i,'server','host','192.168.1.1');

/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
   auto-detect it for you. */
$ldapservers->SetValue($i,'server','base',array('dc=ebox'));

3) Open phpldapadmin in browser and authenticate to ebox server using admindn (cn=admin,dc=ebox).  [See attachment screenshot]

4)  Browse to Computers->YOUR_COMPUTER->change the uidNumber to something higher...to be safe change it to 2100.

If i spend about ten minutes I can whip out the ldap commad line of need be.

regards,


Jim

Title: Re: eBox .11.2 PDC part looks broken
Post by: javi on January 04, 2008, 02:49:58 pm

Hi again,

I've just tested the PDC thing and I haven't been able to reproduce your bug. I successfully added one machine to the domain using a user with administration privileges, and I could log into the domain with a normal user from the Windows XP machine.

Regarding the uidNumber issue, I noticed that if you add the machine to the domain through windows XP -add machine to domain, prompted user/pass- the uidNumber is used correctly by samba and it does not reuse it even if the entry in sambaDomainName contains an already used number.

I would need more info like describing very accurately the steps you follow to try reproduce the problem.

Title: Re: eBox .11.2 PDC part looks broken
Post by: jcanfield on January 04, 2008, 03:15:15 pm

Well, we know the PDC won't update the uidumber if you join another samba machine to the domain.  Perhaps those having the issue have also tried to add a samba domain member.  I actually haven't added any windows machines to my domain here,  so I don't actually have the issue duplicated either.

Title: Re: eBox .11.2 PDC part looks broken
Post by: austin on January 04, 2008, 07:07:47 pm

thanks for the tips.. Ill give this stuff a go this evening..

Title: Re: eBox .11.2 PDC part looks broken
Post by: jcanfield on January 04, 2008, 07:14:34 pm

Javi fixed this....

http://people.warp.es/~javi/ebox-usersandgroups_0.11.3_all.deb

1) install the .deb (dpkg -i ebox-usersandgroups_0.11.3_all.deb)
2) /etc/init.d/ebox apache restart

This won't replace existing duplicates, but will prevent it from happening again.

Title: Re: eBox .11.2 PDC part looks broken
Post by: austin on January 15, 2008, 07:25:43 pm

when installing the pdc patch.. I saw this...

pdc800:~# dpkg -i ebox-usersandgroups_0.11.3_all.deb
(Reading database ... 24986 files and directories currently installed.)
Preparing to replace ebox-usersandgroups 0.11.2 (using ebox-usersandgroups_0.11.3_all.deb) ...
Unpacking replacement ebox-usersandgroups ...
Setting up ebox-usersandgroups (0.11.3) ...
Stopping OpenLDAP: slapd.
Can't use string ("/ebox/modules/services/serviceTa") as a HASH ref while "strict refs" in use at /usr/share/perl5/EBox/GConfModule.pm line 416.
Starting OpenLDAP: slapd.




I feel I remember seeing this error somewhere else as well...
Can't use string ("/ebox/modules/services/serviceTa") as a HASH ref while "strict refs" in use at /usr/share/perl5/EBox/GConfModule.pm line 416.

Title: Re: eBox .11.2 PDC part looks broken
Post by: timeJunky on January 20, 2008, 01:44:24 pm

suffering on the same bug with hash on
/ebox-ro/modules/network/data_ve

but different line #
/usr/share/perl5/EBox/GConfModule.pm line 916


any solution?

Title: Re: eBox .11.2 PDC part looks broken
Post by: javi on January 20, 2008, 04:07:32 pm

Could you send me a bug report please to try reproduce that?

juruen at warp dot es