openSUSE Project Management Tool: Issueshttps://progress.opensuse.org/https://progress.opensuse.org/themes/openSUSE/favicon/favicon.ico?15829177842020-11-23T18:28:36ZopenSUSE Project Management Tool
Redmine invis-server - action #80224 (Closed): CLT Alternativ-Eventhttps://progress.opensuse.org/issues/802242020-11-23T18:28:36Zflaccostefan@invis-server.org
<p>Marcel hat vorgeschlagen parallel zu den kommenden nur virtuellen Chemnitzer-Linux-Tagen ein kleines eigenes Event zu starten bei dem wir uns im kleinen Kreis treffen, ein bisschen basteln und ein paar Vorträge von den CLT streamen können.</p>
<p>Klar ist, dass das nur mit einer deutlichen Lockerung der derzeitigen Corona-Bestimmungen möglich ist. Auch unser gesunder Menschenverstand sollte eine Rolle spielen. Meint wenn die Fallzahlen weiter hoch bleiben sollten wir auch bei gelockerten Bestimmungen davon Abstand nehmen oder die Modalitäten anpassen.</p>
<p>Ich mache das hier mal als Ticket der Kategorie Event auf, dann können wir hier planen.</p>
<p>Termin der virtuellen CLT ist das WE 13./14.03.2021.</p>
<p>Unsere Planung eines solchen Mini-Events sollten wir spätestens eine Woche vorher abgeschlossen haben.</p>
invisAD-setup - action #63634 (New): We should publish a list with the expiry dates of all VPN cl...https://progress.opensuse.org/issues/636342020-02-20T07:36:54Zflaccostefan@invis-server.org
<p>The VPN client certs we create have a 24 month time to live. Actually the users have no information about this, the don't know when there clients certs epxire. More than once this caused problems in practice.</p>
invisAD-setup - action #63631 (Closed): We should publish the CRL expiration date via invis portalhttps://progress.opensuse.org/issues/636312020-02-20T07:32:14Zflaccostefan@invis-server.org
<p>Our CRL (Certification Revocation List) expires 6 month after creation. We should publish this date via invis-Portal.</p>
invisAD-setup - action #54389 (New): DNS-Updates via DHCP-Server should be possiblehttps://progress.opensuse.org/issues/543892019-07-18T06:37:55Zflaccostefan@invis-server.org
<p>In our setup every try to update DNS-Records dynamically fails:</p>
<p>Unable to add forward map from LANCOM_884_VOIP.baettenhausen.local to 192.168.1.205: REFUSED</p>
<p>This should be possible.</p>
<p>How to setup: <a href="https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Setting_up_BIND" class="external">https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Setting_up_BIND</a></p>
invisAD-setup - action #52019 (Closed): invis-Portal: Add a new function-sitehttps://progress.opensuse.org/issues/520192019-05-27T08:25:26Zflaccostefan@invis-server.org
<p>It should be possible to execute some administrative shell-scripts via invis-portal.</p>
invisAD-setup - action #51920 (Closed): invis-Server Setup Test with openSUSE Leap 15.1https://progress.opensuse.org/issues/519202019-05-23T10:05:12Zflaccostefan@invis-server.org
<p>We should build invis-Server 14.1 on base of Leap 15.1</p>
invisAD-setup - action #51869 (Closed): Build new own Samba-packageshttps://progress.opensuse.org/issues/518692019-05-22T16:22:30Zflaccostefan@invis-server.org
<p>Caused by problems with the MIT-Kerberos implementation and it's "experimental" state, we must build again own Samba-packages with Heimdal-Kerberos and switch our setup back to these own packages.</p>
invisAD-setup - action #51386 (Closed): invis-Server should be compatile with Btrfs.https://progress.opensuse.org/issues/513862019-05-12T07:25:07Zflaccostefan@invis-server.org
<p>First testinstallation with Btrfs on the Root-Volume shows that it was impossible to boot the server after setup with sine2.</p>
invisAD-setup - action #51383 (Closed): invis-Portal: Filter for Hostlisthttps://progress.opensuse.org/issues/513832019-05-12T07:21:37Zflaccostefan@invis-server.org
<p>It should be possible to filter the elements of the hostlist by type like we do it in the userlist.</p>
invisAD-setup - action #47072 (Closed): Check our DHCP-LDAP Schemahttps://progress.opensuse.org/issues/470722019-02-03T10:47:39Zflaccostefan@invis-server.org
<p>During an Upgrade from Samba 4.6 to 4.7 with MIT Kerberos, it is necessary to run "samba-tool dbcheck --cross-ncs --fix".</p>
<p>dbcheck throws some errors related to our dhcpd-LDAP Schema. We have to check this.</p>
<p>Errors:</p>
<hr>
<p>ERROR: Normalisation error for attribute mayContain in CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc<br>
value 'iscDhcpSubClassesDN' should be 'iscDhcpSubclassesDN'<br>
Not fixing attribute mayContain<br>
ERROR: Duplicate values for attribute 'mayContain' in 'CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
Values contain a duplicate: [iscDhcpSubClassesDN,iscDhcpOptionsDN,iscDhcpStatements,iscDhcpComments,iscDhcpOption]/[iscDhcpSubClassesDN]!<br>
Not fixing attribute 'mayContain'<br>
ERROR: Not fixing missing 'name' on 'CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
ERROR: Normalisation error for attribute mustContain in CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc<br>
value 'iscDhcpFailoverPrimaryPort' should be 'iscDhcpFailOverPrimaryPort'<br>
Not fixing attribute mustContain<br>
ERROR: Duplicate values for attribute 'mustContain' in 'CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
Values contain a duplicate: [cn,iscDhcpFailOverPrimaryServer,iscDhcpFailOverSecondaryServer,iscDhcpFailoverPrimaryPort,iscDhcpFailOverSecondaryPort]/[iscDhcpFailOverPrimaryServer,iscDhcpFailoverPrimaryPort,cn,iscDhcpFailOverSecondaryServer]!<br>
Not fixing attribute 'mustContain'<br>
ERROR: Not fixing missing 'name' on 'CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
ERROR: incorrect DN SID component for member in object CN=Domain Users,CN=Users,DC=140-net,DC=loc - ;;;;;;;;CN=<a href="mailto:postmaster@140-net.loc">postmaster@140-net.loc</a>,CN=Users,DC=140-net,DC=loc<br>
Not fixing SID component mismatch</p>
<hr>
invis-sub-setup - action #46718 (In Progress): Create a setup-script for invis-sub-serverhttps://progress.opensuse.org/issues/467182019-01-26T15:49:46Zflaccostefan@invis-server.org
<p>Major steps to realize with this Script:</p>
<ol>
<li>Establish an openVPN connection to the main invis-server</li>
<li>Join the Domain as a "Read Only Domain Controller" (RODC)</li>
<li>Setup sssd</li>
<li>Setup local samba shares</li>
<li>realize (owncloud based) data synchronization between sub and main-server</li>
</ol>
<p>Some of these steps are already realized inside the joininvis-script from the invisAD-client package.</p>
<p>Joining the domain as a rodc (<a href="https://de.wikipedia.org/wiki/Read_Only_Domain_Controller" class="external">https://de.wikipedia.org/wiki/Read_Only_Domain_Controller</a>) instead of a simple member server seems to be the better way. In a productive environment at one of our custumers I tried to realize a subsidiary server as a simple member-server. Nearly every time the vpn-connection caused by a not very stable internet-connection, I had to rejoin the domain with the sub-server to give the sub-users access to their local samba-shares. </p>
invisAD-setup - action #39161 (Closed): Build a new invisAD-setup Version 13.5https://progress.opensuse.org/issues/391612018-08-05T10:29:18Zflaccostefan@invis-server.org
<p>13.5 is a kind of intermediate version to prepare an upgrade to upcoming leap15 based Versions.</p>
<ul>
<li>This Version uses PHP7 and corNAz is already integrated in our invis-Portal.</li>
<li>It should support PHP7 based Kopano 8.6 packages and ownCloud 10.</li>
</ul>
invisAD-setup - action #37414 (In Progress): Implementation of SingleSignOnhttps://progress.opensuse.org/issues/374142018-06-15T07:57:23Zflaccostefan@invis-server.org
<p>Step by step we should implement SSO for as much applications as possible. First step would be to fit the apache2 setup for SSO.</p>
invisAD-setup - action #36514 (Closed): ntp was removed from minimal server based setuphttps://progress.opensuse.org/issues/365142018-05-24T21:07:57Zflaccostefan@invis-server.org
<p>We have to add it to our setup (first test was negative, ntpd didn't start. Error was: blocking_getaddrinfo can not queue response / <a href="https://lists.opensuse.org/opensuse-factory/2017-06/msg00774.html" class="external">https://lists.opensuse.org/opensuse-factory/2017-06/msg00774.html</a>) or he have to check if it is possible to substitute ntpd with systemd functions or ntpsec.</p>
invisAD-setup - action #29909 (Closed): Upgrade to PHP7https://progress.opensuse.org/issues/299092018-01-02T09:29:18Zflaccostefan@invis-server.org
<p>We have to upgrade the invis-server to php7. The now used Version 5.5. is out of maintenance and newer openSUSE Versions possibly ship only php7.</p>
<p>I think that the most wepapps we have included in invis-server still support php7. Biggest problem could be the invis-portal.</p>