openSUSE Project Management Tool: Issues (Redmine) https://progress.opensuse.org/ 2020-02-20T07:36:54Z
invisAD-setup - action #63634 (New): We should publish a list with the expiry dates of all VPN cl... https://progress.opensuse.org/issues/63634 2020-02-20T07:36:54Z flacco stefan@invis-server.org
<p>The VPN client certs we create have a 24-month time to live. Actually the users have no information about this; they don't know when their client certs expire. More than once this caused problems in practice.</p>
invisAD-setup - action #63631 (Closed): We should publish the CRL expiration date via invis portal https://progress.opensuse.org/issues/63631 2020-02-20T07:32:14Z flacco stefan@invis-server.org
<p>Our CRL (Certificate Revocation List) expires 6 months after creation. We should publish this date via invis-Portal.</p>
invisAD-setup - action #54389 (New): DNS-Updates via DHCP-Server should be possible https://progress.opensuse.org/issues/54389 2019-07-18T06:37:55Z flacco stefan@invis-server.org
<p>In our setup every attempt to update DNS records dynamically fails:</p>
<p>Unable to add forward map from LANCOM_884_VOIP.baettenhausen.local to 192.168.1.205: REFUSED</p>
<p>This should be possible.</p>
<p>How to setup: <a href="https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Setting_up_BIND" class="external">https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Setting_up_BIND</a></p>
invisAD-setup - action #52019 (Closed): invis-Portal: Add a new function-site https://progress.opensuse.org/issues/52019 2019-05-27T08:25:26Z flacco stefan@invis-server.org
<p>It should be possible to execute some administrative shell-scripts via invis-portal.</p>
invisAD-setup - action #51920 (Closed): invis-Server Setup Test with openSUSE Leap 15.1 https://progress.opensuse.org/issues/51920 2019-05-23T10:05:12Z flacco stefan@invis-server.org
<p>We should build invis-Server 14.1 based on Leap 15.1.</p>
invisAD-setup - action #51869 (Closed): Build new own Samba-packages https://progress.opensuse.org/issues/51869 2019-05-22T16:22:30Z flacco stefan@invis-server.org
<p>Because of problems with the MIT Kerberos implementation and its "experimental" state, we must again build our own Samba packages with Heimdal Kerberos and switch our setup back to these packages.</p>
invisAD-setup - action #51386 (Closed): invis-Server should be compatible with Btrfs. https://progress.opensuse.org/issues/51386 2019-05-12T07:25:07Z flacco stefan@invis-server.org
<p>A first test installation with Btrfs on the root volume showed that it was impossible to boot the server after setup with sine2.</p>
invisAD-setup - action #51383 (Closed): invis-Portal: Filter for Hostlist https://progress.opensuse.org/issues/51383 2019-05-12T07:21:37Z flacco stefan@invis-server.org
<p>It should be possible to filter the elements of the hostlist by type like we do it in the userlist.</p>
invisAD-setup - action #47072 (Closed): Check our DHCP-LDAP Schema https://progress.opensuse.org/issues/47072 2019-02-03T10:47:39Z flacco stefan@invis-server.org
<p>During an upgrade from Samba 4.6 to 4.7 with MIT Kerberos, it is necessary to run "samba-tool dbcheck --cross-ncs --fix".</p>
<p>dbcheck throws some errors related to our dhcpd-LDAP Schema. We have to check this.</p>
<p>Errors:</p>
<hr>
<p>ERROR: Normalisation error for attribute mayContain in CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc<br>
value 'iscDhcpSubClassesDN' should be 'iscDhcpSubclassesDN'<br>
Not fixing attribute mayContain<br>
ERROR: Duplicate values for attribute 'mayContain' in 'CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
Values contain a duplicate: [iscDhcpSubClassesDN,iscDhcpOptionsDN,iscDhcpStatements,iscDhcpComments,iscDhcpOption]/[iscDhcpSubClassesDN]!<br>
Not fixing attribute 'mayContain'<br>
ERROR: Not fixing missing 'name' on 'CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
ERROR: Normalisation error for attribute mustContain in CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc<br>
value 'iscDhcpFailoverPrimaryPort' should be 'iscDhcpFailOverPrimaryPort'<br>
Not fixing attribute mustContain<br>
ERROR: Duplicate values for attribute 'mustContain' in 'CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
Values contain a duplicate: [cn,iscDhcpFailOverPrimaryServer,iscDhcpFailOverSecondaryServer,iscDhcpFailoverPrimaryPort,iscDhcpFailOverSecondaryPort]/[iscDhcpFailOverPrimaryServer,iscDhcpFailoverPrimaryPort,cn,iscDhcpFailOverSecondaryServer]!<br>
Not fixing attribute 'mustContain'<br>
ERROR: Not fixing missing 'name' on 'CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
ERROR: incorrect DN SID component for member in object CN=Domain Users,CN=Users,DC=140-net,DC=loc - ;;;;;;;;CN=postmaster@140-net.loc,CN=Users,DC=140-net,DC=loc<br>
Not fixing SID component mismatch</p>
<hr>
invis-sub-setup - action #46718 (In Progress): Create a setup-script for invis-sub-server https://progress.opensuse.org/issues/46718 2019-01-26T15:49:46Z flacco stefan@invis-server.org
<p>Major steps to realize with this Script:</p>
<ol>
<li>Establish an openVPN connection to the main invis-server</li>
<li>Join the Domain as a "Read Only Domain Controller" (RODC)</li>
<li>Setup sssd</li>
<li>Setup local samba shares</li>
<li>Realize (ownCloud based) data synchronization between sub and main-server</li>
</ol>
<p>Some of these steps are already realized inside the joininvis-script from the invisAD-client package.</p>
<p>Joining the domain as an RODC (<a href="https://de.wikipedia.org/wiki/Read_Only_Domain_Controller" class="external">https://de.wikipedia.org/wiki/Read_Only_Domain_Controller</a>) instead of a simple member server seems to be the better way. In a productive environment at one of our customers I tried to realize a subsidiary server as a simple member server. Nearly every time the VPN connection dropped, caused by a not very stable internet connection, I had to rejoin the domain with the sub-server to give the sub-users access to their local Samba shares.</p>
invisAD-setup - action #39161 (Closed): Build a new invisAD-setup Version 13.5 https://progress.opensuse.org/issues/39161 2018-08-05T10:29:18Z flacco stefan@invis-server.org
<p>13.5 is a kind of intermediate version to prepare an upgrade to upcoming leap15 based Versions.</p>
<ul>
<li>This Version uses PHP7 and corNAz is already integrated in our invis-Portal.</li>
<li>It should support PHP7 based Kopano 8.6 packages and ownCloud 10.</li>
</ul>
invisAD-setup - action #37414 (In Progress): Implementation of SingleSignOn https://progress.opensuse.org/issues/37414 2018-06-15T07:57:23Z flacco stefan@invis-server.org
<p>Step by step we should implement SSO for as many applications as possible. The first step would be to fit the apache2 setup for SSO.</p>
invisAD-setup - action #36514 (Closed): ntp was removed from minimal server based setup https://progress.opensuse.org/issues/36514 2018-05-24T21:07:57Z flacco stefan@invis-server.org
<p>We have to add it to our setup (first test was negative, ntpd didn't start. Error was: blocking_getaddrinfo can not queue response / <a href="https://lists.opensuse.org/opensuse-factory/2017-06/msg00774.html" class="external">https://lists.opensuse.org/opensuse-factory/2017-06/msg00774.html</a>) or we have to check if it is possible to substitute ntpd with systemd functions or ntpsec.</p>
invis-backup - action #23794 (Rejected): Implementing rdiff-backup-web to invis-server https://progress.opensuse.org/issues/23794 2017-08-30T18:53:30Z flacco stefan@invis-server.org
<p>The invis-server's own backup solution "invis-rdbu" uses rdiff-backup as the main backup tool.</p>
<p>Restoring data from an rdiff-backup repository isn't easy enough to give our users the opportunity to restore data from the backup by themselves. Implementing the FUSE-based rdiff-backup filesystem in combination with rdiff-backup-web makes it much easier to do this job.</p>
<p>Ingo has already built an rdiff-backup-fs package in our OBS repos, now we can start implementing and testing rdiff-backup-web.</p>
<p>rdiff-backup-web on Sourceforge: <a href="http://rdiffbackupweb.sourceforge.net/" class="external">http://rdiffbackupweb.sourceforge.net/</a></p>
<p>Caution: This software is in an early alpha state, perhaps it isn't stable enough for our needs.</p>
invis-backup - action #23672 (Rejected): add encryption to invis-rdbu https://progress.opensuse.org/issues/23672 2017-08-26T11:28:04Z flacco stefan@invis-server.org
<p>We should extend our own backup solution invis-rdbu to support encrypted hard disks or volumes.</p>
<p>invis-rdbu can use external eSATA or USB disks as backup targets. These targets should be encrypted for security reasons.</p>
<p>I think that it's not necessary to encrypt the backup target if the target is a backup server.</p>