Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
46
Installation and Upgrades / Re: master/slave config question
« on: January 31, 2012, 04:40:38 pm »
we ended up going with the 'simple' solution and i msut say things are working out quite nicely. master/slave is definitely not ready for prime time and sync has issues performing consistently, but it is much better than what we had before and once the slave has most of the accounts synced i usually only have to deal with one individual at a remote site instead of the entire site when things break down 
47
Installation and Upgrades / Re: change server IP after install
« on: January 31, 2012, 04:38:00 pm »
Sorry for the late reply. i didnt realize i was not getting notifications on my posts in the forums. I eventually figured out that i had to run the rejoin-slave to get it to work properly and everything is going great. Rolling out 30 zentyal servers over the next 2 months
48
Installation and Upgrades / Re: master/slave manual password sync
« on: January 31, 2012, 04:32:29 pm »
We have a lot of issues syncing immediately after adding a new user to the server. Basically i usually get the following int he logs
lock - Could not get lock for service: zentyal-slave-sync
If i wait about an hour or 2 the sync eventually happens, but this is not ideal when a user calls to have a password reset and they have to wait or when an employee is terminated and the account is still active in teh system 2 hours after HR has sent the request to have them removed or get the account locked.
I see what could be useful commands in /usr/share/zentyal-users but i can not find any documentation on them. Since this is a production server i am hesitant to just strat trying them out one by one to gauge the results
lock - Could not get lock for service: zentyal-slave-sync
If i wait about an hour or 2 the sync eventually happens, but this is not ideal when a user calls to have a password reset and they have to wait or when an employee is terminated and the account is still active in teh system 2 hours after HR has sent the request to have them removed or get the account locked.
I see what could be useful commands in /usr/share/zentyal-users but i can not find any documentation on them. Since this is a production server i am hesitant to just strat trying them out one by one to gauge the results
49
Installation and Upgrades / master/slave manual password sync
« on: January 25, 2012, 03:47:51 pm »
I understand that zentyal master server syncs passwords with the slave every hour or so. Is there a way (from command line maybe) to manually kick off this sync. I am in the process of converting about 30 sites to zentyal and i would like to be able to change a users password on the master and have them use the new password as soon as possible instead of waiting.
let me know if this is possible.
Thanks
let me know if this is possible.
Thanks
50
Installation and Upgrades / Master/slave error [could not get lock for zentyal-slave-sync]
« on: January 13, 2012, 06:03:11 pm »
i have my master setup and 4 slaves connected. For the most part everything works except manual sync. It appears the master is trying to sync to the slaves a group that does not exist on the server anymore. This results in the following error message that id like to clear.
2012/01/13 11:32:17 ERROR> Sudo.pm:213 EBox::Sudo::_rootError - root command /usr/share/zentyal-users/slave-sync failed.
Error output: Could not get lock for service: zentyal-slave-sync
Command output: .
Exit value: 11
2012/01/13 11:39:25 ERROR> Lock.pm:31 EBox::Util::Lock::lock - Could not get lock for service: zentyal-slave-sync
In the error.log i see the following
Use of uninitialized value $id in concatenation (.) or string at /usr/share/zentyal/templates/ajax/customActions.mas line 9.
but nothing else that would give me a clue how to fix.
Does anyone have any ideas or pointers that dont involve resintalling from scratch? we are about half way through a deployment for 10 remote sites. so its kind of too late to start going backwards.
Let me know if you need any more specific details. i would be glad to provide.
Thanks
2012/01/13 11:32:17 ERROR> Sudo.pm:213 EBox::Sudo::_rootError - root command /usr/share/zentyal-users/slave-sync failed.
Error output: Could not get lock for service: zentyal-slave-sync
Command output: .
Exit value: 11
2012/01/13 11:39:25 ERROR> Lock.pm:31 EBox::Util::Lock::lock - Could not get lock for service: zentyal-slave-sync
In the error.log i see the following
Use of uninitialized value $id in concatenation (.) or string at /usr/share/zentyal/templates/ajax/customActions.mas line 9.
but nothing else that would give me a clue how to fix.
Does anyone have any ideas or pointers that dont involve resintalling from scratch? we are about half way through a deployment for 10 remote sites. so its kind of too late to start going backwards.
Let me know if you need any more specific details. i would be glad to provide.
Thanks
51
Installation and Upgrades / change server IP after install
« on: December 19, 2011, 07:10:34 pm »
I have looked for a concrete answer documenting this, but havent been able to find the info i need.
BAsically setting up 1 zentyal master in my data center and will connect about 40 slaves scattered around remote locations. Id like to configure all the slaves in my office and join them to the master, then change the ip address to match the LAN at the remote site, then ship the server.
Will i run into any issues if i change the IP address on the slave server? I will ofcourse update the DNS server so the names resolve correctly for LDAP, but just want to make sure i am not opening a can of worms by doing this.
My alternative is do a base install, set it to DHCP and ship server to remote site. once connected i would then install all the modules and join to ldap master.
BAsically setting up 1 zentyal master in my data center and will connect about 40 slaves scattered around remote locations. Id like to configure all the slaves in my office and join them to the master, then change the ip address to match the LAN at the remote site, then ship the server.
Will i run into any issues if i change the IP address on the slave server? I will ofcourse update the DNS server so the names resolve correctly for LDAP, but just want to make sure i am not opening a can of worms by doing this.
My alternative is do a base install, set it to DHCP and ship server to remote site. once connected i would then install all the modules and join to ldap master.
52
Installation and Upgrades / Re: master/slave config question
« on: November 01, 2011, 08:02:34 am »
From previous research I knew it would be a long shot. I am trying to move from a Novell/redhat ds into something new ( and less complicated). Some if not most of our old practices will be going out the window. I'll find work arounds for the rest.
Thanks.
Thanks.
53
Installation and Upgrades / Re: master/slave config question
« on: November 01, 2011, 07:35:37 am »
Thanks for the reply,
I wasn't really aiming for pdc/bdc. Coming from redhat-ds. I was able to make a root for my ldap tree and then have remote sites implemented as branches. Each branch server only contains the accounts of users at that physical location while my root server contains all the branches and all the users.
Users authenticate based on credentials in their local server. If local server dies ldap requests go to root server(s). If root server dies pray local server doesn't crap out before we get it fixed. I think it's same risk as in master/slave mode.
The ldap referal takes place when user only has account in specific ldap branch at root server. This user can go to many remote sites and login since their ldap group is part of a referal group configured on all remote servers. (good for regional staff and managers)
I hope I cleared up my idea a little more
I wasn't really aiming for pdc/bdc. Coming from redhat-ds. I was able to make a root for my ldap tree and then have remote sites implemented as branches. Each branch server only contains the accounts of users at that physical location while my root server contains all the branches and all the users.
Users authenticate based on credentials in their local server. If local server dies ldap requests go to root server(s). If root server dies pray local server doesn't crap out before we get it fixed. I think it's same risk as in master/slave mode.
The ldap referal takes place when user only has account in specific ldap branch at root server. This user can go to many remote sites and login since their ldap group is part of a referal group configured on all remote servers. (good for regional staff and managers)
I hope I cleared up my idea a little more
54
Installation and Upgrades / LDAP referals
« on: October 31, 2011, 01:09:01 am »
Is it possible for a PDC server to query the ldap tree in a different server for authentication of a user?
55
Installation and Upgrades / master/slave config question
« on: October 31, 2011, 01:07:47 am »
I have successfully setup master/slave configurations on several test servers. What i would like to know is if its possible to only sync certain groups of users to the slave server instead of the entire ldap tree. the reason id like to do this is the slave servers will be in seperate offices and id like only the PDC user accounts to be on the slave.
Thanks
Thanks