openSUSE Project Management Tool: Issues https://progress.opensuse.org/ 2022-06-02T13:22:38Z
invisAD-setup - action #111974 (In Progress): DNS problem when taking over an existing AD https://progress.opensuse.org/issues/111974 2022-06-02T13:22:38Z flaccostefan@invis-server.org
<p>When we take over an AD on a freshly installed server from a full AD backup of an older server, we run into problems with DNS name resolution.</p>
<p>I have tried to analyze the whole thing (we had a similar case when switching from the Sernet packages to our own Samba packages).</p>
<p>Under /var/lib/samba there are currently two directories named "sam.ldb.d", one under "private" and one under "bind-dns/dns". In old installations there is additionally another one under "private/dns".</p>
<p>In the past, "bind-dns/dns" and "private/dns" were presumably related via hard links. At present the relationship is between "bind-dns/dns" and "private/sam.ldb.d". Some of the LDB files are hard links.</p>
<p>If a backup of an old AD is now restored, all three directories exist again, but without hard links. As a result, the name server bind learns nothing of changes made to the DNS data of the AD. It makes no difference whether a change is made via our portal or samba-tool; bind does not notice it.</p>
<p>I am now investigating which files are linked to each other via hard links.</p>
invis-backup - action #104826 (In Progress): LVM Snapshot des Root-Volumes lässt sich mit 5er Ker... https://progress.opensuse.org/issues/104826 2022-01-12T07:06:39Z flaccostefan@invis-server.org
<p>The Linux kernel does not allow the mount, because it does not permit two mounts of a BtrFS file system with the same UUID.</p>
<p>That is, the snapshot's UUID must be changed before it is mounted.</p>
<p>More information here: <a href="https://unix.stackexchange.com/questions/537029/error-for-mount-system-call-failed-file-exists" class="external">https://unix.stackexchange.com/questions/537029/error-for-mount-system-call-failed-file-exists</a></p>
invisAD-setup - action #98042 (In Progress): Release invis-Server 14.3 https://progress.opensuse.org/issues/98042 2021-09-03T06:45:05Z flaccostefan@invis-server.org
<p>Finish and release invis-Server 14.3.</p>
invisAD-setup - action #81076 (In Progress): Prepare the DHCP server configuration in the AD so that... https://progress.opensuse.org/issues/81076 2020-12-15T19:44:33Z flaccostefan@invis-server.org
<p>For this, the LDIF files for the server setup must be extended with two DHCP options:</p>
<p>rfc3442-classless-static-routes code 121 = array of integer 8<br>
ms-classless-static-routes code 249 = array of integer 8</p>
<p>In addition, a shell script should be written for the invis toolbox that then adds the actual routes to the subnet declaration.</p>
invisAD-setup - action #67543 (Workable): Upgrade Test from invis-Server 14.1 to 14.3 (14.2 wird ... https://progress.opensuse.org/issues/67543 2020-06-01T13:56:40Z flaccostefan@invis-server.org
<p>Test a direct upgrade from invis-server 14.1 based on Leap 15.1 to invis-Server 14.3 based on Leap 15.3</p>
<p>It is necessary to do the distribution upgrade step by step: 15.1 -> 15.2 -> 15.3</p>
<p><del>Before release of 14.2 we should do an upgrade test from 14.1 to 14.2 based on leap 15.1.</del></p>
<p><del>14.2 should be just a feature and bugfix release, but to be compatible with the upcoming leap 15.2 we had to build new samba and sssd packages which are much newer than the distribution packages. Installing the invisAD-setup-14 (14.2) package forces an upgrade of sssd and samba. This means a release without an upgrade test is dangerous.</del></p>
<p><del>Perhaps we should ship 14.2 as an intermediate package on the way to invis-server 15.0 just like 13.5 was.</del></p>
invisAD-setup - action #67540 (In Progress): Build Kimai 2.0 package https://progress.opensuse.org/issues/67540 2020-06-01T13:42:23Z flaccostefan@invis-server.org
<p>invis-server ships Kimai Timetracking in Version 1.3.x. The Kimai project released kimai2 some time ago. Kimai2 is completely new software.</p>
invisAD-setup - action #63634 (New): We should publish a list with the expiry dates of all VPN cl... https://progress.opensuse.org/issues/63634 2020-02-20T07:36:54Z flaccostefan@invis-server.org
<p>The VPN client certs we create have a 24 month time to live. Actually the users have no information about this; they don't know when their client certs expire. More than once this caused problems in practice.</p>
invisAD-setup - action #54389 (New): DNS-Updates via DHCP-Server should be possible https://progress.opensuse.org/issues/54389 2019-07-18T06:37:55Z flaccostefan@invis-server.org
<p>In our setup every try to update DNS-Records dynamically fails:</p>
<p>Unable to add forward map from LANCOM_884_VOIP.baettenhausen.local to 192.168.1.205: REFUSED</p>
<p>This should be possible.</p>
<p>How to setup: <a href="https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Setting_up_BIND" class="external">https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Setting_up_BIND</a></p>
invis-sub-setup - action #46718 (In Progress): Create a setup-script for invis-sub-server https://progress.opensuse.org/issues/46718 2019-01-26T15:49:46Z flaccostefan@invis-server.org
<p>Major steps to realize with this Script:</p>
<ol>
<li>Establish an openVPN connection to the main invis-server</li>
<li>Join the Domain as a "Read Only Domain Controller" (RODC)</li>
<li>Setup sssd</li>
<li>Setup local samba shares</li>
<li>Realize (owncloud based) data synchronization between sub and main-server</li>
</ol>
<p>Some of these steps are already realized inside the joininvis-script from the invisAD-client package.</p>
<p>Joining the domain as a rodc (<a href="https://de.wikipedia.org/wiki/Read_Only_Domain_Controller" class="external">https://de.wikipedia.org/wiki/Read_Only_Domain_Controller</a>) instead of a simple member server seems to be the better way. In a productive environment at one of our customers I tried to realize a subsidiary server as a simple member-server. Nearly every time the vpn-connection caused by a not very stable internet-connection, I had to rejoin the domain with the sub-server to give the sub-users access to their local samba-shares.</p>
invisAD-setup - action #43424 (In Progress): Add the functionality to create kopano-resources to... https://progress.opensuse.org/issues/43424 2018-11-06T10:03:48Z flaccostefan@invis-server.org
<p>Kopano resources are shared store users with additional attributes "zarafaResourceType" and "zarafaResourceCapacity". Possible values are an integer number for the capacity and "equipment" or "room" for the type. Only resources of type "equipment" can be extended with a capacity value. It means that a resource exists X times.</p>
invis-sub-setup - action #38303 (In Progress): Create a rpm package with basic directories, confi... https://progress.opensuse.org/issues/38303 2018-07-07T07:49:01Z flaccostefan@invis-server.org
<p>We have to create a first rpm package for the invis-Sub-Server which contains the basic directories, config files and dependencies. The package should be the base for the further development of the invis subsidiary server.</p>
<p>Known dependencies are:</p>
<p>openvpn<br>
krb5-client<br>
samba<br>
owncloud-client</p>
invisAD-setup - action #37414 (In Progress): Implementation of SingleSignOn https://progress.opensuse.org/issues/37414 2018-06-15T07:57:23Z flaccostefan@invis-server.org
<p>Step by step we should implement SSO for as many applications as possible. First step would be to fit the apache2 setup for SSO.</p>
invisAD-setup - action #36115 (Resolved): Password-Handling during sine2 run https://progress.opensuse.org/issues/36115 2018-05-13T09:55:24Z flaccostefan@invis-server.org
<p>We should create all passwords by random pw-generator and put them into a new setup datafile. => /var/lib/sine/invis_pws. This file should only be accessible to root.</p>
<p>Showing this file could be done with "sine2 showpws".</p>
<p>Exception: This will not work for the CA private-key password. </p>
invisAD-setup - action #36108 (Resolved): Connect kimai to AD https://progress.opensuse.org/issues/36108 2018-05-12T12:23:35Z flaccostefan@invis-server.org
<p>sine2 should prepare the connection of kimai to the Active Directory</p>
invisAD-client - action #31636 (In Progress): bringing invis-client package to opensuse factory https://progress.opensuse.org/issues/31636 2018-02-10T17:01:11Z flaccostefan@invis-server.org
<p>In github (<a href="https://github.com/invisserver/invisAD-client" class="external">https://github.com/invisserver/invisAD-client</a>) I started a very small invis-client project. Its goal is to add opensuse Linux workstations to an invis-server AD domain. Using this tool is a little bit complicated because it has to be cloned from github before using it.</p>
<p>We should bring this as an rpm package into opensuse-factory to make it easy for opensuse clients to join an invis-server domain.</p>
<p>Steps:</p>
<ol>
<li>build a package in spins:invis:testing</li>
<li>request to add it to factory</li>
</ol>