Re: Very serious (RC blocking ?) GOsa-LDAP inconsistencies about netgroups
On Sat, Jul 04, 2015 at 12:32:41PM +0200, Giorgio Pioda wrote:
> Hi volks,
> (after 2 days of getting crazy) I've the following, PRETTY UGLY report.
> 1) Fresh re-installed tjener Jessie and immediate subnet switch to my 10.164.88.0/23
> (hope the following isn't subnet related, IMHO it shouldn't), done with ISO netinst
> image of the 18/6/2015 (the last available); on real HW.
> 2) First WS PXE install works. Registration via sitesummary2ldap works. Login
> with first user works on the WS. Great!
> 3) All other subsequent PXE installed and sitesummary2ldap registered WS DO NOT ALLOW LOGIN
> complaining that the WS is not in the workstation-hosts netgroup. But checking
> at WS with:
> "netgroup workstation-hosts"
> The WS are listed correctly. Note: DNS resolving direct/reverse is correct.
> 4) Triing to delete and reinsert the workstation-hosts groups via GOsa menu is buggy.
> It is impossible to remove the netgroup ownnership only. More, if the whole WS is removed
> and inserted back via sitesummary, the netgroup appears to be there (not deleted
> accordingly to the WS elimination). Ldapvi check shows that in the dn=workstation-hosts
> the eliminated WS is still there. With ldapvi I have to commit with Y (y not enough) to remove
> the netgroup.
> 5) Digging into ldapdump.ldif I only see that some WS entries have been inserted by cn=admin and other
> by cn=gosa-admin.
> 6) Removing all the workstation-hosts ownership, after removing the workstation itself in GOsa
> works finally. After this, rebooting the tjener and readding the WS with sitesummary leads
> to another (strange) fact. In GOsa the netgroup ownership are (correctly) absent, but
> checking from terminal on the rebooted client WS they have not been
> deleted (wrong cached ?).
> I really do not understand how to go further in debugging, since I cannot locate the origin
> of these facts.
> Giorgio Pioda
> Giorgio Pioda - Sysadmin SPSE-Tenero
> Cell +41 79 629 20 63
> Tel +41 58 468 62 48
> Fax +41 58 468 61 98
> To UNSUBSCRIBE, email to debian-edu-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com
> Archive: 20150704103241.GA7660@macchianera.pioderia.lan">https://lists.debian.org/20150704103241.GA7660@macchianera.pioderia.lan
here a crazy idea.
what about if the checking of the workstation-hosts ownership in nscd
could read the very first netgroup entry? This would fit with problem?
Indeed after changing workstation-hosts ownership of some WS and rebooting
the server, both in tjener and in the WS the netgroup are NOT updated.
Giorgio Pioda - Sysadmin SPSE-Tenero
Cell +41 79 629 20 63
Tel +41 58 468 62 48
Fax +41 58 468 61 98