
Re: Error adding users in Gosa (wheezy-test 130817)



[Wolfgang Schweer]
> Setting up LDAP from scratch (as outlined in
> ldap-debian-edu-install) on a beta0 based installation, the first
> user isn't able to set a user's password if the changes (ldapi
> instead of ldap, ssl usage commented out) to ldap-debian-edu-install
> are applied. Reverting the changes and starting once again from
> scratch, a working system is set up again.

I believe I found the problem, and just uploaded a fix to wheezy-test.

I believe the problem was that the fix ldap->ldapi in
/etc/samba/smb-debian-edu-ldapbootstrap.conf got the net command
working and samba generating SIDs which were stored in LDAP, as
intended in the code.  Just as Mike hoped.  But then the temp config
was removed, connection to LDAP was cut (by removing the secrets.tdb
file) and a new SID generated and stored in our LDAP objects (and not
the one generated by samba initially).  This SID did not match the
initial SID stored in LDAP, and confused gosa and samba a lot.

Check out wheezy-test, and see if it solves the problem for you.

This was the change I did:

Index: ldap-tools/ldap-debian-edu-install
===================================================================
--- ldap-tools/ldap-debian-edu-install  (revision 82147)
+++ ldap-tools/ldap-debian-edu-install  (revision 82148)
@@ -454,6 +454,9 @@
     # and generate a sambaSID for <DOMAIN>.
     net -s /etc/samba/smb-debian-edu-ldapbootstrap.conf getlocalsid &> /dev/null
 
+    echo "info: Fetching SMB domain SID."
+    SAMBASID=`net -s /etc/samba/smb.conf getlocalsid SKOLELINUX 2>/dev/null | awk '{ print $6 }'`
+
     # start from scratch with secrets.tdb...
     rm -f /var/lib/samba/secrets.tdb
 
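Review bot: the new SAMBASID assignment has no comment saying that it must run before the "rm -f /var/lib/samba/secrets.tdb" two lines below it, and the existing "# start from scratch with secrets.tdb..." comment does not mention the dependency either. Since the ordering is the whole fix, a one-line comment above the echo (for example, that the SID has to be read while the secrets.tdb written by the bootstrap getlocalsid call still exists) would keep a later cleanup from moving the fetch back down. It is also worth a note on why this call reads /etc/samba/smb.conf while the getlocalsid call directly above it uses smb-debian-edu-ldapbootstrap.conf.
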
@@ -469,8 +472,6 @@
     chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
     sed -i "s:\$SAMBAPWD:$SAMBAPWD:g" /etc/smbldap-tools/smbldap_bind.conf
 
-    echo "info: Fetching SMB domain SID."
-    SAMBASID=`net -s /etc/samba/smb.conf getlocalsid SKOLELINUX 2>/dev/null | awk '{ print $6 }'`
     if [ -z "$SAMBASID" ] ; then
       echo "error: unable to fetch Samba SID"
       exit 1
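
Review bot: the 'if [ -z "$SAMBASID" ]' test stays here while the assignment it guards moved up by about fifteen lines, so a failed fetch is now only detected after secrets.tdb has been removed and smbldap_bind.conf has been written (the chmod and sed lines just above). Moving the test up together with the assignment would make the script exit before those destructive steps and keep the "error: unable to fetch Samba SID" message next to the "info: Fetching SMB domain SID." line. Because the value comes from "awk '{ print $6 }'" with stderr discarded, checking that it starts with "S-1-5-21-" rather than only that it is non-empty would also catch a changed output format.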

Simply moved when to fetch the samba SID a bit earlier in the
bootstrap sequence. :)

-- 
Happy hacking
Petter Reinholdtsen

