Enhancement #2626
Implement hostname-modify event for samba
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-base | | |
| Target version: | v6.5-rc1 | | |
| Resolution: | | NEEDINFO: | No |
Description
When the hostname changes, Samba generates a new machine SID. See also Changing hostname.
Errors from nethserver-samba-group-sync action:
    [root@localhost ~]# /etc/e-smith/events/runlevel-adjust/S98nethserver-samba-group-sync
    Mapping group locals failed with NT_STATUS_GROUP_EXISTS
    [ERROR] Failed to add group `locals` in SAM database!
    Mapping group domadmins failed with NT_STATUS_GROUP_EXISTS
    [ERROR] Failed to add group `domadmins` in SAM database!
    Mapping group faxmaster failed with NT_STATUS_GROUP_EXISTS
    [ERROR] Failed to add group `faxmaster` in SAM database!
    Mapping group jabberadmins failed with NT_STATUS_GROUP_EXISTS
    [ERROR] Failed to add group `jabberadmins` in SAM database!
    Mapping group tecnici failed with NT_STATUS_GROUP_EXISTS
    [ERROR] Failed to add group `tecnici` in SAM database!
Associated revisions
Postpone hostname setting to index 02. Refs #2626
Some actions need to start before the system hostname is
changed. Free indexes 00 and 01 for such actions.
Store SID in Config DB. Refs #2626
On *-update and migration events, store Samba SID in smb/Sid prop. As
soon as hostname changes, implant the stored SID in secrets.tdb, to
avoid generating a new one.
Drop all sambaDomain objects in LDAP before starting migration. Refs #2626
All domains will be recreated with the migrated SID.
nethserver-directory-migrate: raise errors on failed events. Refs #2626
nethserver-directory-migrate: fixed admin home dir migration exit code. Refs #2626
nethserver-samba-migrate-ibays: migrate only existing ibays. Refs #2626
History
#1 Updated by Davide Principi over 7 years ago
[see issue description]
#2 Updated by Giacomo Sanchietti over 7 years ago
- Target version changed from ~FUTURE to v6.5-rc1
#3 Updated by Giacomo Sanchietti over 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#4 Updated by Giacomo Sanchietti over 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#5 Updated by Giacomo Sanchietti over 7 years ago
- Description updated (diff)
#6 Updated by Giacomo Sanchietti over 7 years ago
- Assignee changed from Giacomo Sanchietti to Davide Principi
#7 Updated by Davide Principi over 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (Davide Principi)
- % Done changed from 30 to 60
Test case
In nethserver-base
- Check the web UI module signals hostname-modify event
- hostname-modify event executes system-adjust action (all update events are signalled)
In nethserver-samba, after update to modified version:
* smb/Sid prop must be set to the machine SID
* change hostname from web UI: the new SID must not change both in WS and PDC role
To read the machine SID:
    net getlocalsid
UPGRADE NOTES
The migration procedure has been modified: it now drops all existing sambaDomain objects in LDAP. This guarantees the imported SID in secrets.tdb is used to (re)generate new sambaDomain objects on the fly.
To fix previously migrated machines:
    # ldapsearch -LLL -Y EXTERNAL objectClass=sambaDomain sambaDomainName sambaSID
    [...]
    substitute X below, where sambaSID is not correct
    # ldapdelete -Y EXTERNAL sambaDomainName=X,dc=directory,dc=nh
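The check behind the fix above (find the sambaDomain entries whose sambaSID is not the stored machine SID), as an added example that is not part of the original issue or of NethServer's code. The function names, the SIDs and the OLDHOST entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not NethServer code. All SIDs and names below are constructed.

EXPECTED_SID="S-1-5-21-1111111111-2222222222-3333333333"  # stands in for smb/Sid

# True if $1 looks like a machine/domain SID (S-1-5-21 plus three sub-authorities).
is_machine_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-5-21(-[0-9]+){3}$'
}

# Constructed `ldapsearch -LLL` output: MAIL carries the expected SID, OLDHOST does not.
sample_ldif() {
    cat <<'EOF'
dn: sambaDomainName=MAIL,dc=directory,dc=nh
sambaDomainName: MAIL
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: sambaDomainName=OLDHOST,dc=directory,dc=nh
sambaDomainName: OLDHOST
sambaSID: S-1-5-21-4444444444-5555555555-6666666666
EOF
}

# Usage: stale_samba_domains EXPECTED_SID < ldif
# Prints the sambaDomainName of every entry whose sambaSID is missing or differs
# from EXPECTED_SID. Folded lines and base64 ("attr::") values are not decoded.
stale_samba_domains() {
    is_machine_sid "$1" || { echo "not a machine SID: $1" >&2; return 2; }
    awk -v want="$1" '
        function emit() {
            if (name != "" && sid != want) print name
            name = ""; sid = ""
        }
        { sub(/\r$/, "") }
        /^$/ { emit(); next }            # a blank line ends an LDIF entry
        /^[# ]/ { next }                 # skip comments and continuation lines
        {
            i = index($0, ":")
            if (i == 0) next
            attr = tolower(substr($0, 1, i - 1))   # attribute names are case-insensitive
            val = substr($0, i + 1); sub(/^ +/, "", val)
            if (attr == "sambadomainname") name = val
            else if (attr == "sambasid") sid = val
        }
        END { emit() }
    '
}

sample_ldif | stale_samba_domains "$EXPECTED_SID"
```

On a NethServer host the input would come from the `ldapsearch` command in the upgrade notes and the expected SID from `config getprop smb Sid`; each printed name is the X of the `ldapdelete` line.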
#8 Updated by Davide Principi over 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-samba-1.4.1-3.0gitf8f08bc8.ns6.noarch.rpm
nethserver-samba-1.4.1-5.0gitb4a0c422.ns6.noarch.rpm
nethserver-base-2.0.0-9.0gite9da25f7.ns6.noarch.rpm
nethserver-directory-2.0.0-5.0git7ea12c6d.ns6.noarch.rpm
#9 Updated by Giacomo Sanchietti over 7 years ago
- Assignee set to Giacomo Sanchietti
#10 Updated by Davide Principi over 7 years ago
- Subject changed from Base: web ui for hostname change to Implement hostname-modify event for samba
- Description updated (diff)
#11 Updated by Giacomo Sanchietti over 7 years ago
- Assignee deleted (Giacomo Sanchietti)
Machine status before host name and domain name change:
    [root@localhost ~]# ldapsearch -Y EXTERNAL "(objectClass=sambaDomain)"
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    # extended LDIF
    #
    # LDAPv3
    # base <dc=directory,dc=nh> (default) with scope subtree
    # filter: (objectClass=sambaDomain)
    # requesting: ALL
    #
    # LOCALHOST, directory.nh
    dn: sambaDomainName=LOCALHOST,dc=directory,dc=nh
    sambaDomainName: LOCALHOST
    sambaSID: S-1-5-21-2000527308-1739460070-305762236
    sambaAlgorithmicRidBase: 1000
    objectClass: sambaDomain
    sambaNextUserRid: 1000
    sambaMinPwdLength: 5
    sambaPwdHistoryLength: 0
    sambaLogonToChgPwd: 0
    sambaMaxPwdAge: -1
    sambaMinPwdAge: 0
    sambaLockoutDuration: 30
    sambaLockoutObservationWindow: 30
    sambaLockoutThreshold: 0
    sambaForceLogoff: -1
    sambaRefuseMachinePwdChange: 0
    sambaNextRid: 1006
    # search result
    search: 2
    result: 0 Success
    # numResponses: 2
    # numEntries: 1
    [root@localhost ~]# config getprop smb Sid
    S-1-5-21-2000527308-1739460070-305762236
System configuration after change, both old and new domains are present:
    [root@localhost ~]# config getprop smb Sid
    S-1-5-21-2000527308-1739460070-305762236
    [root@localhost ~]# ldapsearch -Y EXTERNAL "(objectClass=sambaDomain)"
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    # extended LDIF
    #
    # LDAPv3
    # base <dc=directory,dc=nh> (default) with scope subtree
    # filter: (objectClass=sambaDomain)
    # requesting: ALL
    #
    # LOCALHOST, directory.nh
    dn: sambaDomainName=LOCALHOST,dc=directory,dc=nh
    sambaDomainName: LOCALHOST
    sambaSID: S-1-5-21-2000527308-1739460070-305762236
    sambaAlgorithmicRidBase: 1000
    objectClass: sambaDomain
    sambaNextUserRid: 1000
    sambaMinPwdLength: 5
    sambaPwdHistoryLength: 0
    sambaLogonToChgPwd: 0
    sambaMaxPwdAge: -1
    sambaMinPwdAge: 0
    sambaLockoutDuration: 30
    sambaLockoutObservationWindow: 30
    sambaLockoutThreshold: 0
    sambaForceLogoff: -1
    sambaRefuseMachinePwdChange: 0
    sambaNextRid: 1006
    # MAIL, directory.nh
    dn: sambaDomainName=MAIL,dc=directory,dc=nh
    sambaDomainName: MAIL
    sambaSID: S-1-5-21-2000527308-1739460070-305762236
    sambaAlgorithmicRidBase: 1000
    objectClass: sambaDomain
    sambaNextUserRid: 1000
    sambaMinPwdLength: 5
    sambaPwdHistoryLength: 0
    sambaLogonToChgPwd: 0
    sambaMaxPwdAge: -1
    sambaMinPwdAge: 0
    sambaLockoutDuration: 30
    sambaLockoutObservationWindow: 30
    sambaLockoutThreshold: 0
    sambaForceLogoff: -1
    sambaRefuseMachinePwdChange: 0
    # search result
    search: 2
    result: 0 Success
    # numResponses: 3
    # numEntries: 2
Also net command reports the old SID:
    [root@localhost ~]# net getlocalsid
    SID for domain MAIL is: S-1-5-21-2000527308-1739460070-305762236
Marking as VERIFIED.
#12 Updated by Giacomo Sanchietti over 7 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
#13 Updated by Davide Principi over 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
#14 Updated by Davide Principi over 7 years ago
In nethserver-updates:
nethserver-release-6.5-4.ns6.rc1.noarch.rpm
nethserver-devbox-1.4.0-1.ns6.noarch.rpm
nethserver-backup-data-1.0.9-1.ns6.noarch.rpm
nethserver-base-2.1.0-1.ns6.noarch.rpm
nethserver-directory-2.0.1-1.ns6.noarch.rpm
nethserver-firewall-base-1.1.0-1.ns6.noarch.rpm
nethserver-hosts-1.0.7-1.ns6.noarch.rpm
nethserver-httpd-2.3.0-1.ns6.noarch.rpm
nethserver-httpd-admin-1.2.1-1.ns6.noarch.rpm
nethserver-hylafax-1.0.5-1.ns6.noarch.rpm
nethserver-ibays-2.0.3-1.ns6.noarch.rpm
nethserver-lib-2.0.1-1.ns6.noarch.rpm
nethserver-mail-server-1.6.1-1.ns6.noarch.rpm
nethserver-nethgui-1.4.0-1.ns6.noarch.rpm
nethserver-ntopng-1.1.2-1.ns6.noarch.rpm
nethserver-nut-1.0.7-1.ns6.noarch.rpm
nethserver-openssh-1.0.5-1.ns6.noarch.rpm
nethserver-roundcubemail-0.0.2-1.ns6.noarch.rpm
nethserver-samba-1.4.2-1.ns6.noarch.rpm
nethserver-shorewall-1.0.4-1.ns6.noarch.rpm
nethserver-sogo-thunderbird-1.1.1-1.ns6.noarch.rpm
nethserver-vpn-1.1.2-1.ns6.noarch.rpm
sogo-frontends-1.3.0-1.ns6.noarch.rpm