[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Very serious (RC blocking ?) GOsa-LDAP inconsistencies about netgroups



On Sat, Jul 04, 2015 at 12:32:41PM +0200, Giorgio Pioda wrote:
> Hi volks,
> 
> (after 2 days of getting crazy) I've the following, PRETTY UGLY report.
> 
> 1) Fresh re-installed tjener Jessie and immediate subnet switch to my 10.164.88.0/23
>    (hope the following isn't subnet related, IMHO it shouldn't), done with ISO netinst
>    image of the 18/6/2015 (the last available); on real HW.
> 
> 2) First WS PXE install works. Registration via sitesummary2ldap works. Login
>    with first user works on the WS. Great!
> 
> 3) All other subsequent PXE installed and sitesummary2ldap registered WS DO NOT ALLOW LOGIN
>    complaining that the WS is not in the workstation-hosts netgroup. But checking
>    at WS with:
>    "netgroup workstation-hosts"
>    The WS are listed correctly. Note: DNS resolving direct/reverse is correct.
> 
> 4) Triing to delete and reinsert the workstation-hosts groups via GOsa menu is buggy.
>    It is impossible to remove the netgroup ownnership only. More, if the whole WS is removed
>    and inserted back via sitesummary, the netgroup appears to be there (not deleted
>    accordingly to the WS elimination). Ldapvi check shows that in the dn=workstation-hosts
>    the eliminated WS is still there. With ldapvi I have to commit with Y (y not enough) to remove
>    the netgroup.
> 
> 5) Digging into ldapdump.ldif I only see that some WS entries have been inserted by cn=admin and other
>    by cn=gosa-admin.
> 
> 6) Removing all the workstation-hosts ownership, after removing the workstation itself in GOsa
>    works finally. After this, rebooting the tjener and readding the WS with sitesummary leads
>    to another (strange) fact. In GOsa the netgroup ownership are (correctly) absent, but
>    checking from terminal on the rebooted client WS they have not been
>    deleted (wrong cached ?).
> 
> I really do not understand how to go further in debugging, since I cannot locate the origin
> of these facts.
> 
> Regards
> 
> Giorgio Pioda
> 
> -- 
> Giorgio Pioda - Sysadmin SPSE-Tenero
> Cell +41 79 629 20 63
> Tel  +41 58 468 62 48
> Fax  +41 58 468 61 98
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-edu-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: 20150704103241.GA7660@macchianera.pioderia.lan">https://lists.debian.org/20150704103241.GA7660@macchianera.pioderia.lan
> 
> 

Well,

here a crazy idea.

what about if the checking of the workstation-hosts ownership in nscd
could read the very first netgroup entry? This would fit with problem?

Indeed after changing workstation-hosts ownership of some WS and rebooting
the server, both in tjener and in the WS the netgroup are NOT updated.

Regards

-- 
Giorgio Pioda - Sysadmin SPSE-Tenero
Cell +41 79 629 20 63
Tel  +41 58 468 62 48
Fax  +41 58 468 61 98


Reply to: