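def run(_umc_instance):
    """Raise ``Critical`` when Samba 4 is active but its KDC is not running.

    Nothing happens (implicit ``None``) unless ``util.is_service_active('Samba 4')``
    is true and ``samba_kdc_running()`` is false. In that case the base error is
    extended with hints about a running Heimdal KDC and a still enabled
    ``kerberos/autostart``, logged through ``MODULE.error`` and raised.

    Args:
        _umc_instance: Not used by this check.

    Raises:
        Critical: Samba 4 is active and ``samba_kdc_running()`` returned false.
    """
    error = _(
        'This is a Samba 4 DC, but `samba-tool processes` reports no `kdc_server`.'
    )
    heimdal_error = _('This may be, because Heimdal KDC seems to be running.')
    autostart_error = _(
        'This may be, because `kerberos/autostart` is not disabled.')
    # The {services} placeholder is not filled in here.
    # NOTE(review): presumably substituted by the caller/framework - confirm.
    solution = _(
        'You may want to stop Heimdal KDC and restart Samba via {services}')

    if util.is_service_active('Samba 4') and not samba_kdc_running():
        error_descriptions = [error]
        if is_heimdal_kdc_running():
            error_descriptions.append(heimdal_error)
            if not is_kerberos_autostart_disabled():
                error_descriptions.append(autostart_error)
            error_descriptions.append(solution)
        # Join once with a real newline so the log entry matches the raised
        # text; the log call previously joined with the literal letter 'n'.
        description = '\n'.join(error_descriptions)
        MODULE.error(description)
        raise Critical(description)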
def run(_umc_instance, rerun=False, fix_log=''):
    """Check the sysvol ACLs with ``samba-tool ntacl sysvolcheck``.

    The check is skipped when the 'Samba 4' service is not active. The command
    is handed to ``util.run_with_output`` as an argument list. Its raw output
    is copied into the description of the raised result.

    Args:
        _umc_instance: Not used by this check.
        rerun: True when the check runs again after a fix action.
        fix_log: Text placed first in the description when ``rerun`` is set.

    Raises:
        Warning: The command failed or printed any output.
        ProblemFixed: ``rerun`` is set and the command reported nothing.
    """
    if not util.is_service_active('Samba 4'):
        return

    messages = [fix_log] if rerun and fix_log else []

    sysvolreset_button = {
        'action': 'run_samba_tool_ntacl_sysvolreset',
        'label': _('Run `samba-tool ntacl sysvolreset`'),
    }

    success, output = util.run_with_output(
        ['samba-tool', 'ntacl', 'sysvolcheck'])

    # Clean run: only a rerun after a fix reports anything.
    if success and not output:
        if rerun:
            messages.append(
                _('`samba-tool ntacl sysvolcheck` found no problems.'))
            messages.append(output)
            raise ProblemFixed(description='\n'.join(messages))
        return

    marker = "NT_STATUS_OBJECT_NAME_NOT_FOUND"
    messages.append(_(
        '`samba-tool ntacl sysvolcheck` returned a problem with the sysvol ACLs.'
    ))
    hint = _("Running 'samba-tool ntacl sysvolreset' may fix the issue")
    if output.find(marker) == -1:
        messages.append(output)
    else:
        # Drop the unhelpful samba lines that carry the marker; when one is
        # seen the sysvolreset hint is blanked as well.
        for line in output.splitlines():
            if line.find(marker) != -1:
                hint = ""
            else:
                messages.append(line)
    if not rerun:
        messages.append(hint)
    raise Warning(description='\n'.join(messages),
                  buttons=[sysvolreset_button])
コード例 #3
def run(_umc_instance):
	"""Report objects rejected by the S4 Connector in either direction.

	The check is skipped when the 'S4 Connector' service is not active.

	Args:
		_umc_instance: Not used by this check.

	Raises:
		Critical: The ``univention.s4connector`` modules cannot be imported,
			or ``get_s4_connector()`` raised ``MissingConfigurationKey``.
		Warning: At least one UCS or S4 reject was found; the description
			lists every reject with its DNs.
	"""
	if not util.is_service_active('S4 Connector'):
		return

	# The imports only prove that the connector package is installed.
	try:
		import univention.s4connector
		import univention.s4connector.s4
	except ImportError:
		not_installed = _('Univention S4 Connector is not installed.')
		raise Critical(description=not_installed)

	try:
		s4 = get_s4_connector()
	except MissingConfigurationKey as error:
		template = _('The UCR variable {variable!r} is unset, but necessary for the S4 Connector.')
		message = template.format(variable=error.message)
		MODULE.error(message)
		raise Critical(description=message)

	ucs_rejects = list(get_ucs_rejected(s4))
	s4_rejects = list(get_s4_rejected(s4))
	if not (ucs_rejects or s4_rejects):
		return

	# '{{sdb}}' survives format() as the literal '{sdb}'.
	# NOTE(review): presumably filled in later by the framework - confirm.
	summary = _('Found {ucs} UCS rejects and {s4} S4 rejects. See {{sdb}} for more information.')
	report = [summary.format(ucs=len(ucs_rejects), s4=len(s4_rejects))]

	if ucs_rejects:
		report.append(_('UCS rejected:'))
		for (filename, ucs_dn, s4_dn) in ucs_rejects:
			shown_s4_dn = s4_dn or _('not found')
			entry = _('UCS DN: {ucs}, S4 DN: {s4}, Filename: {fn}')
			report.append(entry.format(ucs=ucs_dn, s4=shown_s4_dn, fn=filename))

	if s4_rejects:
		report.append(_('S4 rejected:'))
		for (_s4_id, s4_dn, ucs_dn) in s4_rejects:
			shown_ucs_dn = ucs_dn or _('not found')
			entry = _('S4 DN: {s4}, UCS DN: {ucs}')
			report.append(entry.format(s4=s4_dn, ucs=shown_ucs_dn))

	description = '\n'.join(report)
	MODULE.error(description)
	raise Warning(description=description)
コード例 #4
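def run(_umc_instance, retest=False):
    """Probe every configured or DNS-discovered KDC and report failures.

    The KDC list comes from the UCR variable ``kerberos/kdc`` (port 88, TCP
    and UDP) unless that variable is empty or
    ``kerberos/defaults/dns_lookup_kdc`` is true; in that case
    ``resolve_kdc_record`` is queried for the domain over both protocols.
    Each candidate is handed to ``probe_kdc`` together with the realm and a
    fixed user name.

    Args:
        _umc_instance: Not used by this check.
        retest: True when the check runs again after a fix action.

    Raises:
        Critical: No KDC was reachable. On a ``domaincontroller_master`` with
            active Samba 4 and ``samba/interfaces/bindonly`` set, the result
            carries two fix buttons.
        Warning: Some, but not all, KDCs were unreachable.
        ProblemFixed: ``retest`` is set and every KDC was reachable.
    """
    configRegistry = univention.config_registry.ConfigRegistry()
    configRegistry.load()

    target_realm = configRegistry.get('kerberos/realm')
    # Fixed name passed to probe_kdc.
    # NOTE(review): presumably no such account needs to exist - confirm.
    user_name = 'kdc-reachability-check'

    kdc_fqds = configRegistry.get('kerberos/kdc', '').split()
    dns_lookup_kdc = configRegistry.is_true('kerberos/defaults/dns_lookup_kdc',
                                            True)
    if not kdc_fqds or dns_lookup_kdc:
        domainname = configRegistry.get('domainname')
        kdc_to_check = list(resolve_kdc_record('tcp', domainname))
        kdc_to_check.extend(resolve_kdc_record('udp', domainname))
    else:
        kdc_to_check = [(kdc, 88, 'tcp') for kdc in kdc_fqds]
        kdc_to_check.extend((kdc, 88, 'udp') for kdc in kdc_fqds)

    # Probe each candidate once, in order, and sort it into one of two lists.
    reachable_kdc = []
    unreachable_kdc = []
    for (kdc, port, protocol) in kdc_to_check:
        if probe_kdc(kdc, port, protocol, target_realm, user_name):
            reachable_kdc.append((kdc, port, protocol))
        else:
            unreachable_kdc.append((kdc, port, protocol))

    error_descriptions = []

    if unreachable_kdc:
        error = _('The following KDCs were unreachable: {}')
        unreach_string = ('{} {}:{}'.format(protocol, kdc, port)
                          for (kdc, port, protocol) in unreachable_kdc)
        error_descriptions.append(error.format(', '.join(unreach_string)))

    if not reachable_kdc:
        is_dc = configRegistry.get('server/role') == 'domaincontroller_master'
        is_s4_dc = is_dc and util.is_service_active('Samba 4')
        if is_s4_dc and configRegistry.is_true('samba/interfaces/bindonly',
                                               False):
            # An entry counts as local when it is the name 'lo' or parses as
            # a loopback or unspecified address.
            local_included = False
            for interface in configRegistry.get('samba/interfaces',
                                                '').split():
                try:
                    addr = ipaddr.IPAddress(interface)
                except ValueError:
                    local_included |= interface == 'lo'
                else:
                    local_included |= addr.is_loopback or addr.is_unspecified
            # The scan result was previously ignored, so the message below
            # was shown even when a local interface was listed.
            if local_included:
                error_descriptions.append(_('No reachable KDCs were found.'))
            else:
                error = _(
                    'samba/interfaces does not contain lo, 127.0.0.1 or 0.0.0.0.')
                error_descriptions.append(error)

            description = '\n'.join(error_descriptions)
            # NOTE(review): both buttons are offered in either case, as
            # before; confirm whether 'add_lo_to_samba_interfaces' should be
            # hidden when a local interface is already listed.
            buttons = [{
                'action': 'add_lo_to_samba_interfaces',
                'label': _('Add lo to samba/interfaces'),
            }, {
                'action': 'reset_kerberos_kdc',
                'label': _('Reset kerberos/kdc to 127.0.0.1'),
            }]
            raise Critical(description=description, buttons=buttons)

        error_descriptions.append(_('No reachable KDCs were found.'))
        description = '\n'.join(error_descriptions)
        raise Critical(description=description)

    if error_descriptions:
        error = '\n'.join(error_descriptions)
        raise Warning(description=error)

    if retest:
        raise ProblemFixed()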