[Bug 215645] New: yast2 samba-client needs to adjust time prior to joining AD domain
https://bugzilla.novell.com/show_bug.cgi?id=215645 Summary: yast2 samba-client needs to adjust time prior to joining AD domain Product: openSUSE 10.2 Version: Beta 1 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: jsuchome@novell.com ReportedBy: gdeschner@novell.com QAContact: jsrain@novell.com CC: samba-maintainers@SuSE.de The new join code in Samba 3.0.23 depends on having an adjusted system time. The easiest way to achive that is to call "net time set -S MYDC" as soon as a valid DC has been found. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 ------- Comment #1 from gdeschner@novell.com 2006-10-27 06:06 MST ------- Created an attachment (id=102810) --> (https://bugzilla.novell.com/attachment.cgi?id=102810&action=view) adjust clockskew for kerberos spnego session setup Jeremy, we could fake the correct time for the kerberos session setup in "net" in the same way we do for the spnego LDAP bind (by taking the ads->auth.time_offset). Just don't like to modify some many callers... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 ------- Comment #2 from gdeschner@novell.com 2006-10-27 06:07 MST ------- Of course this will bite us for the sled10 sp1 as well. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 ------- Comment #3 from jsuchome@novell.com 2006-10-27 06:18 MST ------- Created an attachment (id=102811) --> (https://bugzilla.novell.com/attachment.cgi?id=102811&action=view) patch for /usr/share/YaST2/modules/SambaAD.pm Could you patch your SambaAD.pm and use yast2-samba-client to test the patch? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |gdeschner@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 ------- Comment #4 from gdeschner@novell.com 2006-10-27 06:55 MST ------- Created an attachment (id=102821) --> (https://bugzilla.novell.com/attachment.cgi?id=102821&action=view) picture of failed join attempt Just for visualisation... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 gdeschner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|gdeschner@novell.com | ------- Comment #5 from gdeschner@novell.com 2006-10-27 06:55 MST ------- Yep, patch works fine. Thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 ------- Comment #6 from jsuchome@novell.com 2006-10-27 06:59 MST ------- OK, I'm going to sumbit the patch after the other current samba-client issues (bug 214641) are solved. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 ------- Comment #7 from gdeschner@novell.com 2006-10-27 07:08 MST ------- Good, could you also take care of syncing the time to the hwclock afterwards? Otherwise after the reboot the time is lost again. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |gdeschner@novell.com ------- Comment #8 from jsuchome@novell.com 2006-10-27 08:19 MST ------- Well, I'm bit unsure about this. Do you think users expect that the time changes without noticing them? Such change is currently done in yast2-country module, where is dedicated dialog for changing time or in yast2-ntp-client which - obviously - configures NTP client. Shouldn't we rather introduce a checkbox to the yast2-samba-client dialog, saying [x] Adjust system time to server or something like that? Isn't it just wrong approach to use 'net' for this, shouldn't user have configure NTP? If I would really to write it here (by "hwclock --systohc"), I assume only when join succeeds, is that correct? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 gdeschner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|gdeschner@novell.com | ------- Comment #9 from gdeschner@novell.com 2006-10-27 08:58 MST ------- Very good point. Sure. You could also call "ntpdate $MYDC" prior to the join of course. The point of setting the time before the join (using net or ntpdate) is just about to make the join happen at all :) Then once sucessfully joined to AD, having offered a checkbox [x] Adjust system time from authentication domain controller would be just perfect! Is that still doable? The only point that worries me a bit is to have that DC ip statically in /etc/ntp.conf afterwards where we can't update it easily. BTW: http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/... points out that this (use of ntp) is exactly what Windows clients do. So we should as well. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |kmachalkova@novell.com ------- Comment #10 from jsuchome@novell.com 2006-10-30 01:23 MST ------- Hmm, I was actually thinking about forcing (or guiding) user to configure his NTP configuration himself (using yast2-ntp-client), not to do that from samba-client configuration. Katarina, could you comment?
Then once sucessfully joined to AD, having offered a checkbox [x] Adjust system time from authentication domain controller would be just perfect!
After the join is done, yast2-samba-client module finishes, so it woudn'd have a sense to show new checkbox at that time. I see 2 possibilities: - showing the checkbox from the beginning (and adjusting the time even before the join only if the checkbox is checked) - adjust the time before join just like in case of comment #3, and after the join succeed, ask for adaptation of time in a popup. And yet another question is: is this all relevant only for Active Directory domains? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 ------- Comment #11 from gdeschner@novell.com 2006-10-30 01:38 MST ------- (In reply to comment #10)
And yet another question is: is this all relevant only for Active Directory domains?
Yes, fixing the time difference is only required when using Kerberos authentication (and thus only when talking to Active Directory). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 ------- Comment #12 from jsuchome@novell.com 2006-10-30 01:41 MST ------- Another possibility would be to only include the "NTP Configuration..." button to the dialog which would run yast2-ntp-client. Exactly this way it is done in yast2-kerberos-client. (User would need to run it before he tries to join - or after the first unsuccessfull attempt to do so, reacting to error popup shown in comment #4.) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|kmachalkova@novell.com | ------- Comment #13 from kmachalkova@novell.com 2006-10-30 02:21 MST ------- Running NTP client after the first unsuccesfull attempt to join (or before the join - depending on how likely is that join will not succeed due to wrongly adjusted time) seems a reasonable solution to me. Only the basic dialog with domain controller as pre-defined server could be displayed (I suppose that DC hostname is known at this time). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |ke@novell.com ------- Comment #14 from jsuchome@novell.com 2006-10-30 06:01 MST ------- Well, the problem is that we are byond the text freeze. The possibilities are: - new text for checkbox "Adjust system time from authentication domain controller", plus new help text - use the same push button label ("&NTP Configuration...") as already is present in yast2-kerberos-client (so it would need just to merge it from different textdomain). We could even use the same help text from kerberos ("To synchronize your time with an NTP server, configure your computer as an NTP client. Access the configuration with <b>NTP Configuration</b>.") Karl, could you comment what is possible now and/or what would you prefer? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 ke@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|ke@novell.com | ------- Comment #15 from ke@novell.com 2006-10-30 07:05 MST ------- I'd prefer reusing existing translations. Once done, attach the new pot file, please. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 ------- Comment #16 from jsuchome@novell.com 2006-10-30 08:30 MST ------- Created an attachment (id=103041) --> (https://bugzilla.novell.com/attachment.cgi?id=103041&action=view) new pot file -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ke@novell.com ------- Comment #17 from jsuchome@novell.com 2006-10-30 08:32 MST ------- Karl, new pot is attached. New texts (present in kerberos.pot) are: #. button label (run YaST client for NTP) #: src/dialogs.ycp:110 msgid "&NTP Configuration..." #. Samba membership dialog - additional help for possible NTP configuration #: src/helps.ycp:87 msgid "" "<p>\n" "To synchronize your time with an NTP server, configure your computer\n" "as an NTP client. Access the configuration with <b>NTP Configuration</b>.\n" "</p>\n" -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 jsuchome@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Comment #18 from jsuchome@novell.com 2006-10-30 08:39 MST ------- To yast2-samba-client-2.14.2 (openSUSE 10.2) and yast2-samba-client-2.13.27 (SLES10-SP1) I've done the version with the button, offering the possibility to run yast2-ntp-client (just like in yast2-kerberos-client). The disadvantage of this solution is that user has to enter the name of server manualy. For 10.2, we cannot have new texts, but maybe for SLES10-SP1 I could do the solution with checkbox (which would call ntp-client as well, but with the ADS already detected). Closing the bug for now, Guenther please reopen if you wish better solution for SP1. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 ------- Comment #19 from jsuchome@novell.com 2006-10-31 03:26 MST ------- Weel, there's other possibility to make NTP configuration more user friendly without adding new texts. Let's leave it with current situation, and when yast2-ntp-client dialog is opened, the address with ADC would be displayed as prepared for adding to ntp configuration. Katarina, NTP configuration is called with WFM::CallFunction ("ntp-client", []); For this, we need only some special command line parameter containing the address (and not invoking command-line mode). (Let's say WFM::CallFunction ("ntp-client", [ "from_samba", "ber.suse.de" ])). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Comment #20 from kmachalkova@novell.com 2006-11-02 10:48 MST ------- Reopening for better fix (on ntp-client's side) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|jsuchome@novell.com |kmachalkova@novell.com Status|REOPENED |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 ------- Comment #22 from jsuchome@novell.com 2006-11-06 03:13 MST ------- fixed in yast2-samba-client-2.14.3 and 2.13.2.13.28 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=215645 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Comment #23 from kmachalkova@novell.com 2006-11-06 06:00 MST ------- .. and in yast2-ntp-client 2.14.1 and 2.13.14 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com