Enhancement #2626

Implement hostname-modify event for samba

Added by Giacomo Sanchietti almost 6 years ago. Updated almost 6 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-base
Target version: v6.5-rc1
Resolution:
NEEDINFO: No

Description

When the hostname changes, Samba generates a new machine SID. See also Changing hostname.

Errors from nethserver-samba-group-sync action:

[root@localhost ~]# /etc/e-smith/events/runlevel-adjust/S98nethserver-samba-group-sync
Mapping group locals failed with NT_STATUS_GROUP_EXISTS
[ERROR] Failed to add group `locals` in SAM database!
Mapping group domadmins failed with NT_STATUS_GROUP_EXISTS
[ERROR] Failed to add group `domadmins` in SAM database!
Mapping group faxmaster failed with NT_STATUS_GROUP_EXISTS
[ERROR] Failed to add group `faxmaster` in SAM database!
Mapping group jabberadmins failed with NT_STATUS_GROUP_EXISTS
[ERROR] Failed to add group `jabberadmins` in SAM database!
Mapping group tecnici failed with NT_STATUS_GROUP_EXISTS
[ERROR] Failed to add group `tecnici` in SAM database!


Related issues

Related to NethServer 6 - Enhancement #2582: Base: remove bootstrap-console CLOSED
Related to NethServer 6 - Enhancement #2650: Customizable X509 email field CLOSED
Related to NethServer 6 - Enhancement #2654: Select rst2html output language CLOSED
Related to NethServer 6 - Enhancement #2653: Samba: backup secrets.tdb in config backup CLOSED
Copied to NethServer 6 - Enhancement #2668: Base: web ui for hostname change CLOSED

Associated revisions

Revision 5695d30a
Added by Davide Principi almost 6 years ago

Fixed help RST syntax. Refs #2626

Use RST Admonitions for Warning note. The "Warning" string
localization will be fixed by #2654.

Revision e9da25f7
Added by Davide Principi almost 6 years ago

Postpone hostname setting to index 02. Refs #2626

Some actions need to start before the system hostname is
changed. Free indexes 00 and 01 for such actions.

Revision f39ccd6a
Added by Davide Principi almost 6 years ago

Store SID in Config DB. Refs #2626

On *-update and migration events, store Samba SID in smb/Sid prop. As
soon as hostname changes, implant the stored SID in secrets.tdb, to
avoid generating a new one.

Revision f8f08bc8
Added by Davide Principi almost 6 years ago

Drop all sambaDomain objects in LDAP before starting migration. Refs #2626

All domains will be recreated with the migrated SID.

Revision 615baa13
Added by Davide Principi almost 6 years ago

nethserver-directory-migrate: raise errors on failed events. Refs #2626

Revision 7ea12c6d
Added by Davide Principi almost 6 years ago

nethserver-directory-migrate: fixed admin home dir migration exit code. Refs #2626

Revision b4a0c422
Added by Davide Principi almost 6 years ago

nethserver-samba-migrate-ibays: migrate only existing ibays. Refs #2626

History

#1 Updated by Davide Principi almost 6 years ago

[see issue description]

#2 Updated by Giacomo Sanchietti almost 6 years ago

  • Target version changed from ~FUTURE to v6.5-rc1

#3 Updated by Giacomo Sanchietti almost 6 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#4 Updated by Giacomo Sanchietti almost 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#5 Updated by Giacomo Sanchietti almost 6 years ago

  • Description updated (diff)

#6 Updated by Giacomo Sanchietti almost 6 years ago

  • Assignee changed from Giacomo Sanchietti to Davide Principi

#7 Updated by Davide Principi almost 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Test case

In nethserver-base:

  • Check the web UI module signals hostname-modify event
  • hostname-modify event executes system-adjust action (all update events are signalled)

In nethserver-samba, after update to modified version:

  • smb/Sid prop must be set to the machine SID
  • change hostname from web UI: the new SID must not change in both WS and PDC roles

To read the machine SID:

  net getlocalsid

UPGRADE NOTES
The migration procedure has been modified: it now drops all existing sambaDomain objects in LDAP. This guarantees the imported SID in secrets.tdb is used to (re)generate new sambaDomain objects on the fly.

To fix previously migrated machines:

    # ldapsearch -LLL -Y EXTERNAL objectClass=sambaDomain sambaDomainName sambaSID
    [...] substitute X below, where sambaSID is not correct
    # ldapdelete -Y EXTERNAL sambaDomainName=X,dc=directory,dc=nh
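
An added example, not part of the original comment or of NethServer's own code: a shell helper for the "where sambaSID is not correct" step above. It reads `ldapsearch -LLL` output and prints each sambaDomainName whose sambaSID differs from the expected machine SID. The function names and the OLDNAME entry with its SID are constructed for illustration.

```shell
#!/bin/sh
# Added example, not NethServer code. Function names are hypothetical.

# mismatched_domains EXPECTED_SID   (LDIF on stdin)
# Prints the sambaDomainName of each entry whose sambaSID differs from
# EXPECTED_SID. Assumes unfolded, non-base64 attribute values, which holds
# for NetBIOS names and SIDs in "ldapsearch -LLL" output.
mismatched_domains() {
    awk -v want="$1" '
        function emit() {
            if (name != "" && sid != "" && sid != want) print name
            name = ""; sid = ""
        }
        /^[[:space:]]*$/     { emit(); next }   # a blank line ends an entry
        /^sambaDomainName: / { name = substr($0, length("sambaDomainName: ") + 1) }
        /^sambaSID: /        { sid  = substr($0, length("sambaSID: ") + 1) }
        END                  { emit() }         # last entry has no trailing blank
    '
}

# Constructed sample input: MAIL carries the SID shown on this page,
# OLDNAME and its SID are made up to represent a stale entry.
sample_ldif() {
    cat <<'EOF'
dn: sambaDomainName=MAIL,dc=directory,dc=nh
sambaDomainName: MAIL
sambaSID: S-1-5-21-2000527308-1739460070-305762236

dn: sambaDomainName=OLDNAME,dc=directory,dc=nh
sambaDomainName: OLDNAME
sambaSID: S-1-5-21-1111111111-2222222222-3333333333
EOF
}

# On a NethServer 6 host, using the commands from this page:
#   ldapsearch -LLL -Y EXTERNAL objectClass=sambaDomain sambaDomainName sambaSID \
#     | mismatched_domains "$(config getprop smb Sid)"
sample_ldif | mismatched_domains "S-1-5-21-2000527308-1739460070-305762236"
```

Each printed name is a candidate for X in the ldapdelete command above; compare it against `net getlocalsid` before deleting anything.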

#8 Updated by Davide Principi almost 6 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-samba-1.4.1-3.0gitf8f08bc8.ns6.noarch.rpm
nethserver-samba-1.4.1-5.0gitb4a0c422.ns6.noarch.rpm
nethserver-base-2.0.0-9.0gite9da25f7.ns6.noarch.rpm
nethserver-directory-2.0.0-5.0git7ea12c6d.ns6.noarch.rpm

#9 Updated by Giacomo Sanchietti almost 6 years ago

  • Assignee set to Giacomo Sanchietti

#10 Updated by Davide Principi almost 6 years ago

  • Subject changed from Base: web ui for hostname change to Implement hostname-modify event for samba
  • Description updated (diff)

#11 Updated by Giacomo Sanchietti almost 6 years ago

  • Assignee deleted (Giacomo Sanchietti)

Machine status before host name and domain name change:

[root@localhost ~]# ldapsearch -Y EXTERNAL "(objectClass=sambaDomain)" 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <dc=directory,dc=nh> (default) with scope subtree
# filter: (objectClass=sambaDomain)
# requesting: ALL
#

# LOCALHOST, directory.nh
dn: sambaDomainName=LOCALHOST,dc=directory,dc=nh
sambaDomainName: LOCALHOST
sambaSID: S-1-5-21-2000527308-1739460070-305762236
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
sambaNextRid: 1006

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@localhost ~]# config getprop smb Sid
S-1-5-21-2000527308-1739460070-305762236

System configuration after the change; both the old and new domains are present:

[root@localhost ~]# config getprop smb Sid
S-1-5-21-2000527308-1739460070-305762236
[root@localhost ~]# ldapsearch -Y EXTERNAL "(objectClass=sambaDomain)" 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <dc=directory,dc=nh> (default) with scope subtree
# filter: (objectClass=sambaDomain)
# requesting: ALL
#

# LOCALHOST, directory.nh
dn: sambaDomainName=LOCALHOST,dc=directory,dc=nh
sambaDomainName: LOCALHOST
sambaSID: S-1-5-21-2000527308-1739460070-305762236
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
sambaNextRid: 1006

# MAIL, directory.nh
dn: sambaDomainName=MAIL,dc=directory,dc=nh
sambaDomainName: MAIL
sambaSID: S-1-5-21-2000527308-1739460070-305762236
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

The net command also reports the old SID:

[root@localhost ~]# net getlocalsid
SID for domain MAIL is: S-1-5-21-2000527308-1739460070-305762236

Marking as VERIFIED.

#12 Updated by Giacomo Sanchietti almost 6 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

#13 Updated by Davide Principi almost 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

#14 Updated by Davide Principi almost 6 years ago

In nethserver-updates:
nethserver-release-6.5-4.ns6.rc1.noarch.rpm
nethserver-devbox-1.4.0-1.ns6.noarch.rpm
nethserver-backup-data-1.0.9-1.ns6.noarch.rpm
nethserver-base-2.1.0-1.ns6.noarch.rpm
nethserver-directory-2.0.1-1.ns6.noarch.rpm
nethserver-firewall-base-1.1.0-1.ns6.noarch.rpm
nethserver-hosts-1.0.7-1.ns6.noarch.rpm
nethserver-httpd-2.3.0-1.ns6.noarch.rpm
nethserver-httpd-admin-1.2.1-1.ns6.noarch.rpm
nethserver-hylafax-1.0.5-1.ns6.noarch.rpm
nethserver-ibays-2.0.3-1.ns6.noarch.rpm
nethserver-lib-2.0.1-1.ns6.noarch.rpm
nethserver-mail-server-1.6.1-1.ns6.noarch.rpm
nethserver-nethgui-1.4.0-1.ns6.noarch.rpm
nethserver-ntopng-1.1.2-1.ns6.noarch.rpm
nethserver-nut-1.0.7-1.ns6.noarch.rpm
nethserver-openssh-1.0.5-1.ns6.noarch.rpm
nethserver-roundcubemail-0.0.2-1.ns6.noarch.rpm
nethserver-samba-1.4.2-1.ns6.noarch.rpm
nethserver-shorewall-1.0.4-1.ns6.noarch.rpm
nethserver-sogo-thunderbird-1.1.1-1.ns6.noarch.rpm
nethserver-vpn-1.1.2-1.ns6.noarch.rpm
sogo-frontends-1.3.0-1.ns6.noarch.rpm
