Installing Nextcloud - ERROR: Failed to create settings/ldapschema object

Hi everyone,

I used to have Nextcloud on my server. It was probably uninstalled by an update. When I now try to install Nextcloud again, I only get errors.

root@nextcloud:/etc# univention-app info
UCS: 4.2-3 errata231
App Center compatibility: 4
Installed: adconnector=11.0 letsencrypt=1.1.1-2 samba-memberserver=4.6
Upgradable:

root@nextcloud:/etc# ucr get server/role
domaincontroller_master

univention-app install nextcloud

Press [ENTER] to continue
Creating data directories for nextcloud...
Copying /var/cache/univention-appcenter/appcenter.software-univention.de/4.1/nextcloud_20170920093639.schema
Registering UCR for nextcloud
Marking 4.1/nextcloud=12.0.3-0 as installed
File: /etc/univention/service.info/services/univention-appcenter.cfg
Multifile: /etc/postgresql/9.4/main/pg_hba.conf
File: /usr/share/univention-portal/apps.json
Setting ports for apache proxy
Multifile: /etc/apache2/sites-available/000-default.conf
Multifile: /etc/apache2/sites-available/default-ssl.conf
Creating /etc/init.d/docker-app-nextcloud
Adding localhost to LDAP object
Setting overview variables
Module: create_portal_entries
Reloading apache2 configuration (via systemctl): apache2.service.
Es wurden 0 B in 0 s geholt (0 B/s)
Ausführen von dpkg
4.1/nextcloud=12.0.3-0 already has its database
Registering schema /usr/share/univention-appcenter/apps/nextcloud/nextcloud.schema
authentication error: Authentication failed

ERROR: Failed to create settings/ldapschema object.
Registration of schema extension failed (Code: 1)
Aborting...
Going to remove Nextcloud (12.0.3-0)
   Die Deinstallation von Nextcloud wird ebenfalls alle Daten entfernen.

   Falls diese behalten werden sollen, sollte ein Backup der nextcloud
   Datenbank aus PostgreSQL sowie vom Datenordner
   /var/lib/univention-appcenter/apps/nextcloud/data angelegt werden, bevor
   mit der Deinstallation fortgefahren wird.
Press [ENTER] to continue
No hostdn for nextcloud found. Nothing to remove
Configuring 4.1/nextcloud=12.0.3-0
Removing localhost from LDAP object
File: /etc/univention/service.info/services/univention-appcenter.cfg
Multifile: /etc/postgresql/9.4/main/pg_hba.conf
Multifile: /etc/apache2/sites-available/000-default.conf
Multifile: /etc/apache2/sites-available/default-ssl.conf
Module: create_portal_entries
File: /usr/share/univention-portal/apps.json


Reloading apache2 configuration (via systemctl): apache2.service.
Installing join script /var/cache/univention-appcenter/appcenter.software-univention.de/4.1/nextcloud_20170920093639.uinst
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2017 Univention GmbH, Germany

Running 01univention-ldap-server-init.inst skipped (already executed)
Running 02univention-directory-notifier.inst skipped (already executed)
Running 03univention-directory-listener.inst skipped (already executed)
Running 04univention-ldap-client.inst skipped (already executed)
Running 05univention-bind.inst skipped (already executed)
Running 08univention-apache.inst skipped (already executed)
Running 10univention-ldap-server.inst skipped (already executed)
Running 11univention-heimdal-init.inst skipped (already executed)
Running 11univention-pam.inst skipped (already executed)
Running 15univention-directory-notifier-post.inst skipped (already executed)
Running 15univention-heimdal-kdc.inst skipped (already executed)
Running 18python-univention-directory-manager.inst skipped (already executed)
Running 20univention-directory-policy.inst skipped (already executed)
Running 20univention-join.inst skipped (already executed)
Running 26univention-nagios-common.inst skipped (already executed)
Running 26univention-samba.inst skipped (already executed)
Running 30univention-appcenter.inst skipped (already executed)
Running 30univention-nagios-client.inst skipped (already executed)
Running 31univention-nagios-ad-connector.inst skipped (already executed)
Running 33univention-portal.inst skipped (already executed)
Running 34univention-management-console-server.inst skipped (already executed)
Running 35univention-appcenter-docker.inst skipped (already executed)
Running 35univention-management-console-module-adconnector.inst skipped (already executed)
Running 35univention-management-console-module-appcenter.inst skipped (already executed)
Running 35univention-management-console-module-diagnostic.inst skipped (already executed)
Running 35univention-management-console-module-ipchange.inst skipped (already executed)
Running 35univention-management-console-module-join.inst skipped (already executed)
Running 35univention-management-console-module-lib.inst skipped (already executed)
Running 35univention-management-console-module-mrtg.inst skipped (already executed)
Running 35univention-management-console-module-quota.inst skipped (already executed)
Running 35univention-management-console-module-reboot.inst skipped (already executed)
Running 35univention-management-console-module-services.inst skipped (already executed)
Running 35univention-management-console-module-setup.inst skipped (already executed)
Running 35univention-management-console-module-sysinfo.inst skipped (already executed)
Running 35univention-management-console-module-top.inst skipped (already executed)
Running 35univention-management-console-module-ucr.inst skipped (already executed)
Running 35univention-management-console-module-udm.inst skipped (already executed)
Running 35univention-management-console-module-updater.inst skipped (already executed)
Running 35univention-server-overview.inst skipped (already executed)
Running 36univention-management-console-module-apps.inst skipped (already executed)
Running 40univention-postgresql.inst skipped (already executed)
Running 40univention-virtual-machine-manager-schema.inst skipped (already executed)
Running 81univention-ad-connector.inst skipped (already executed)
Running 81univention-nfs-server.inst skipped (already executed)
Running 90univention-bind-post.inst skipped (already executed)
Running 91univention-saml.inst skipped (already executed)
Running 92univention-management-console-web-server.inst skipped (already executed)
Running 98univention-pkgdb-tools.inst skipped (already executed)
Running 51nextcloud-uninstall.uinst failed (exitcode: 3)

root@nextcloud:/etc# univention-check-join-status
Warning: 'nextcloud-uninstall' is not configured.
Error: Not all install files configured: 1 missing

root@nextcloud:/etc# univention-join
univention-join: joins a computer to an ucs domain
copyright (c) 2001-2017 Univention GmbH, Germany

Join on DC Master impossible

root@nextcloud:/etc# univention-run-join-scripts

univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2017 Univention GmbH, Germany

Running 01univention-ldap-server-init.inst                 skipped (already executed)
Running 02univention-directory-notifier.inst               skipped (already executed)
Running 03univention-directory-listener.inst               skipped (already executed)
Running 04univention-ldap-client.inst                      skipped (already executed)
Running 05univention-bind.inst                             skipped (already executed)
Running 08univention-apache.inst                           skipped (already executed)
Running 10univention-ldap-server.inst                      skipped (already executed)
Running 11univention-heimdal-init.inst                     skipped (already executed)
Running 11univention-pam.inst                              skipped (already executed)
Running 15univention-directory-notifier-post.inst          skipped (already executed)
Running 15univention-heimdal-kdc.inst                      skipped (already executed)
Running 18python-univention-directory-manager.inst         skipped (already executed)
Running 20univention-directory-policy.inst                 skipped (already executed)
Running 20univention-join.inst                             skipped (already executed)
Running 26univention-nagios-common.inst                    skipped (already executed)
Running 26univention-samba.inst                            skipped (already executed)
Running 30univention-appcenter.inst                        skipped (already executed)
Running 30univention-nagios-client.inst                    skipped (already executed)
Running 31univention-nagios-ad-connector.inst              skipped (already executed)
Running 33univention-portal.inst                           skipped (already executed)
Running 34univention-management-console-server.inst        skipped (already executed)
Running 35univention-appcenter-docker.inst                 skipped (already executed)
Running 35univention-management-console-module-adconnector.skipped (already executed)
Running 35univention-management-console-module-appcenter.inskipped (already executed)
Running 35univention-management-console-module-diagnostic.iskipped (already executed)
Running 35univention-management-console-module-ipchange.insskipped (already executed)
Running 35univention-management-console-module-join.inst   skipped (already executed)
Running 35univention-management-console-module-lib.inst    skipped (already executed)
Running 35univention-management-console-module-mrtg.inst   skipped (already executed)
Running 35univention-management-console-module-quota.inst  skipped (already executed)
Running 35univention-management-console-module-reboot.inst skipped (already executed)
Running 35univention-management-console-module-services.insskipped (already executed)
Running 35univention-management-console-module-setup.inst  skipped (already executed)
Running 35univention-management-console-module-sysinfo.instskipped (already executed)
Running 35univention-management-console-module-top.inst    skipped (already executed)
Running 35univention-management-console-module-ucr.inst    skipped (already executed)
Running 35univention-management-console-module-udm.inst    skipped (already executed)
Running 35univention-management-console-module-updater.instskipped (already executed)
Running 35univention-server-overview.inst                  skipped (already executed)
Running 36univention-management-console-module-apps.inst   skipped (already executed)
Running 40univention-postgresql.inst                       skipped (already executed)
Running 40univention-virtual-machine-manager-schema.inst   skipped (already executed)
Running 81univention-ad-connector.inst                     skipped (already executed)
Running 81univention-nfs-server.inst                       skipped (already executed)
Running 90univention-bind-post.inst                        skipped (already executed)
Running 91univention-saml.inst                             skipped (already executed)
Running 92univention-management-console-web-server.inst    skipped (already executed)
Running 98univention-pkgdb-tools.inst                      skipped (already executed)
Running 51nextcloud-uninstall.uinst                        failed (exitcode: 3)

root@nextcloud:/etc# univention-app remove nextcloud

Going to remove Nextcloud (12.0.3-0)
   Die Deinstallation von Nextcloud wird ebenfalls alle Daten entfernen.

   Falls diese behalten werden sollen, sollte ein Backup der nextcloud
   Datenbank aus PostgreSQL sowie vom Datenordner
   /var/lib/univention-appcenter/apps/nextcloud/data angelegt werden, bevor
   mit der Deinstallation fortgefahren wird.
Press [ENTER] to continue
No hostdn for nextcloud found. Nothing to remove
Configuring 4.1/nextcloud=12.0.3-0
No container found. Unable to backup
Reloading apache2 configuration (via systemctl): apache2.service.
Installing join script /var/cache/univention-appcenter/appcenter.software-univention.de/4.1/nextcloud_20170920093639.uinst
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2017 Univention GmbH, Germany

Running 01univention-ldap-server-init.inst skipped (already executed)
Running 02univention-directory-notifier.inst skipped (already executed)
Running 03univention-directory-listener.inst skipped (already executed)
Running 04univention-ldap-client.inst skipped (already executed)
Running 05univention-bind.inst skipped (already executed)
Running 08univention-apache.inst skipped (already executed)
Running 10univention-ldap-server.inst skipped (already executed)
Running 11univention-heimdal-init.inst skipped (already executed)
Running 11univention-pam.inst skipped (already executed)
Running 15univention-directory-notifier-post.inst skipped (already executed)
Running 15univention-heimdal-kdc.inst skipped (already executed)
Running 18python-univention-directory-manager.inst skipped (already executed)
Running 20univention-directory-policy.inst skipped (already executed)
Running 20univention-join.inst skipped (already executed)
Running 26univention-nagios-common.inst skipped (already executed)
Running 26univention-samba.inst skipped (already executed)
Running 30univention-appcenter.inst skipped (already executed)
Running 30univention-nagios-client.inst skipped (already executed)
Running 31univention-nagios-ad-connector.inst skipped (already executed)
Running 33univention-portal.inst skipped (already executed)
Running 34univention-management-console-server.inst skipped (already executed)
Running 35univention-appcenter-docker.inst skipped (already executed)
Running 35univention-management-console-module-adconnector.inst skipped (already executed)
Running 35univention-management-console-module-appcenter.inst skipped (already executed)
Running 35univention-management-console-module-diagnostic.inst skipped (already executed)
Running 35univention-management-console-module-ipchange.inst skipped (already executed)
Running 35univention-management-console-module-join.inst skipped (already executed)
Running 35univention-management-console-module-lib.inst skipped (already executed)
Running 35univention-management-console-module-mrtg.inst skipped (already executed)
Running 35univention-management-console-module-quota.inst skipped (already executed)
Running 35univention-management-console-module-reboot.inst skipped (already executed)
Running 35univention-management-console-module-services.inst skipped (already executed)
Running 35univention-management-console-module-setup.inst skipped (already executed)
Running 35univention-management-console-module-sysinfo.inst skipped (already executed)
Running 35univention-management-console-module-top.inst skipped (already executed)
Running 35univention-management-console-module-ucr.inst skipped (already executed)
Running 35univention-management-console-module-udm.inst skipped (already executed)
Running 35univention-management-console-module-updater.inst skipped (already executed)
Running 35univention-server-overview.inst skipped (already executed)
Running 36univention-management-console-module-apps.inst skipped (already executed)
Running 40univention-postgresql.inst skipped (already executed)
Running 40univention-virtual-machine-manager-schema.inst skipped (already executed)
Running 81univention-ad-connector.inst skipped (already executed)
Running 81univention-nfs-server.inst skipped (already executed)
Running 90univention-bind-post.inst skipped (already executed)
Running 91univention-saml.inst skipped (already executed)
Running 92univention-management-console-web-server.inst skipped (already executed)
Running 98univention-pkgdb-tools.inst skipped (already executed)
Running 51nextcloud-uninstall.uinst failed (exitcode: 3)

The uninstallation fails.

sh -x /usr/lib/univention-install/51nextcloud-uninstall.uinst
ends with:

+ univention-directory-manager container/cn remove --dn cn=nextcloud,cn=custom attributes,cn=univention,dc=kunde,dc=local
E: object not found
+ die
+ exit 3

App Center log:

appcenter.log (40,0 KB)

What else can I do???

I have also already tried the commands from the article:

univention-directory-manager container/cn remove "$@" \
> --dn "cn=nextcloud,cn=custom attributes,cn=univention,$ldap_base" || die

E: object not found
-bash: die: Kommando nicht gefunden.

su -c "psql -c \"drop database nextcloud\"" - postgres \
&& su -c "dropuser \"nextcloud\"" - postgres
DROP DATABASE
root@nextcloud:/var/log/univention#

But when I then install it again, I get the same error and I am going around in circles…

Hi everyone,

I have now been able to solve it myself. The administrator in the Windows domain was not called Administrator but just admin. That means Nextcloud has to be installed as follows:

root@nextcloud:~# univention-app install nextcloud --username admin

After that everything ran through "normally" and it is installed.

Unfortunately I celebrated too early…

Nextcloud now works in principle. I can also log in with nc_admin. But the join unfortunately did not work.
There seems to be a fundamental problem with the username "admin".

root@nextcloud:~# univention-app register nextcloud --username admin
Component needs to be registered in the container
Creating data directories for nextcloud…
Copying /var/cache/univention-appcenter/appcenter.software-univention.de/4.1/nextcloud_20170920093639.schema
Already found cn=nextc-78332714,cn=memberserver,cn=computers,dc=kunde,dc=local as a host for nextcloud. Trying to retrieve machine secret.
Registering UCR for nextcloud
Marking 4.1/nextcloud=12.0.3-0 as installed
Setting ports for apache proxy
Creating /etc/init.d/docker-app-nextcloud
Adding localhost to LDAP object
Setting overview variables
Es wurden 0 B in 0 s geholt (0 B/s)
Ausführen von dpkg
4.1/nextcloud=12.0.3-0 already has its database
Registering schema /usr/share/univention-appcenter/apps/nextcloud/nextcloud.schema
Password for admin:
INFO: No change of core data of object nextcloud.
No modification: cn=nextcloud,cn=ldapschema,cn=univention,dc=kunde,dc=local

WARNING: cannot append nextcloud to appidentifier, value exists
No modification: cn=nextcloud,cn=ldapschema,cn=univention,dc=kunde,dc=local

Waiting for activation of the extension object nextcloud: OK

root@nextcloud:~# univention-join
univention-join: joins a computer to an ucs domain
copyright (c) 2001-2017 Univention GmbH, Germany

Join on DC Master impossible

root@nextcloud:~# univention-check-join-status
Warning: 'nextcloud' is not configured.
Error: Not all install files configured: 1 missing

root@nextcloud:~# univention-app info
UCS: 4.2-3 errata231
App Center compatibility: 4
Installed: adconnector=11.0 letsencrypt=1.1.1-2 samba-memberserver=4.6 4.1/nextcloud=12.0.3-0
Upgradable:

root@nextcloud:~# univention-app install nextcloud
Going to install Nextcloud (12.0.3-0)
(must_not_be_installed) This application is already installed
Unable to install nextcloud. Aborting…

Try this:

univention-run-join-scripts --ask-pass

User admin = error, and the user Administrator does not exist at all.

root@nextcloud:~# univention-run-join-scripts --ask-pass
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2017 Univention GmbH, Germany

Enter DC Master Account : admin
Enter DC Master Password:

Search LDAP binddn Warning: Permanently added 'nextcloud.kunde.local,192.168.0.36' (ECDSA) to the list of known hosts.
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Insufficient access (50)


* Running join scripts failed! *

* Message: binddn for user admin not found

root@nextcloud:~# univention-run-join-scripts --ask-pass
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2017 Univention GmbH, Germany

Enter DC Master Account : administrator
Enter DC Master Password:

Search LDAP binddn Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).


* Running join scripts failed! *

* Message: binddn for user administrator not found

Does this work:

univention-ldapsearch uid=admin
id admin

But AFAIK every UCS domain has an "admin" with the password from /etc/ldap.secret. Maybe you are mixing that up …

How was the domain set up, by the way? Reading between the lines, I picked up something about an AD takeover …

Unfortunately, the domain was not set up by us. Another company did that.
But we suspect it was a migration from an SBS2011 domain.
In any case, the administrator on all Windows systems is called "admin".

root@nextcloud:~# univention-ldapsearch uid=admin

# extended LDIF
#
# LDAPv3
# base <dc=kunde,dc=local> (default) with scope subtree
# filter: uid=admin
# requesting: ALL
#

# Admin, Servicekonten, Benutzer, kunde.local

dn: uid=Admin,ou=Servicekonten,ou=Benutzer,dc=kunde,dc=local
uid: Admin
krb5PrincipalName: Admin@kunde.LOCAL
uidNumber: 2136
sambaAcctFlags: [U ]
sambaPasswordHistory: 99
B4CA9570
krb5MaxLife: 86400
cn: Admin
krb5MaxRenew: 604800
krb5KeyVersionNumber: 1
sambaLogonScript: users\administrator.bat
loginShell: /bin/bash
univentionObjectType: users/user
krb5KDCFlags: 126
sambaPwdLastSet: 1500317889
displayName: Admin
mailPrimaryAddress: admin@kunde-druck.de
sambaSID: S-1-5-21-18954
gecos: Admin
sn: Admin
pwhistory: $6$uk.TJu
BXVPu2tQPTcYttrr2CEXxg2S.HKJaweHXgMS5L0
homeDirectory: /home/Admin
gidNumber: 5001
sambaPrimaryGroupSID: S-1-5-21-189540787
userPassword:: e0tJTklUfQ==
sambaNTPassword: NO PASSWORD*********************
univentionObjectFlag: synced
objectClass: krb5KDCEntry
objectClass: univentionPerson
objectClass: person
objectClass: automount
objectClass: top
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: organizationalPerson
objectClass: univentionPWHistory
objectClass: univentionMail
objectClass: univentionObject
objectClass: shadowAccount
objectClass: krb5Principal
objectClass: posixAccount
univentionUMCProperty: appcenterSeen=2
univentionUMCProperty: udmUserGridView=default
univentionUMCProperty: favorites=appcenter:appcenter,updater,udm:users/user,ud
m:groups/group,udm:computers/computer,apps:letsencrypt

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

root@nextcloud:~# id admin
uid=2136(Admin) gid=5001(Domänen-Benutzer) Gruppen=5001(Domänen-Benutzer),5000(Domänen-Admins),5011(Richtlinien-Ersteller-Besitzer),5014(Abgelehnte RODC-Kennwortreplikationsgruppe),5018(Organisations-Admins),5019(Schema-Admins),5030(Organization Management),5063(Daten-Benutzer),5064(FAV(alt)-Benutzer),5065(Ordnerumleitung-Benutzer),5066(Balsfulland-Benutzer),5067(SFirm-Benutzer),5069(Desktop-Umleitung-Benutzer)
root@nextcloud:~#

OK, I think "Admin" is missing the following important groups:

Administrators
DC Backup Hosts
Enterprise Admins
GROUP Policy Creator Owners
Schema Admins

Should I assign the groups in AD, or how?

Via the UMC, actually. But if the groups also exist in AD, it should work that way too.

Unfortunately, not all of the groups exist.
But in the log, when joining Nextcloud, I get the following error:

SSL: no alternative certificate subject name matches target host name 'nextcloud.kunde.local'
We use Letsencrypt, and this is the internal name. Could that also be a problem?

Yes, that was it… finally it is really solved.

I deactivated letsencrypt and joined again. It worked immediately; I then reactivated Letsencrypt, and now both work !!!

Many thanks for the help
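
The certificate error that closed this thread can be checked before a join is attempted. The following is an added example, not part of the original posts or of Univention's tooling: it extracts the DNS entries from the Subject Alternative Name section of `openssl x509 -noout -text` output and tests whether a host name is covered. The function names and the sample certificate text are constructed for illustration; only the host name `nextcloud.kunde.local` comes from the thread.

```shell
#!/bin/bash
# Constructed sample: extension section in the layout printed by
# `openssl x509 -noout -text`. The names are placeholders, not from the thread.
SAMPLE_CERT_TEXT='        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:cloud.example.org, DNS:*.apps.example.org, IP Address:192.0.2.10'

# Read openssl text output on stdin; print each DNS SAN lower-cased, one per line.
list_dns_sans() {
    awk '
        grab {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] ~ /^DNS:/) print tolower(substr(parts[i], 5))
            }
            grab = 0
        }
        /X509v3 Subject Alternative Name/ { grab = 1 }
    '
}

# Return 0 if HOST ($2) is covered by a DNS SAN in CERT_TEXT ($1):
# either an exact match or a wildcard standing for exactly one left-most label.
san_covers_host() {
    cert_text=$1
    host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    while IFS= read -r san; do
        case $san in
            '*.'*)
                suffix=${san#\*}           # e.g. ".apps.example.org"
                label=${host%"$suffix"}    # part the wildcard would replace
                if [ -n "$label" ] && [ "$label" != "$host" ]; then
                    case $label in
                        *.*) ;;            # a wildcard never spans two labels
                        *)   return 0 ;;
                    esac
                fi
                ;;
            *)
                if [ "$san" = "$host" ]; then return 0; fi
                ;;
        esac
    done <<EOF
$(printf '%s\n' "$cert_text" | list_dns_sans)
EOF
    return 1
}

# Demo: the public name is covered, the internal name from the thread is not.
for h in cloud.example.org nextcloud.kunde.local; do
    if san_covers_host "$SAMPLE_CERT_TEXT" "$h"; then
        echo "$h: covered by certificate"
    else
        echo "$h: NOT in SAN list, TLS clients will reject this name"
    fi
done
```

On a real system, pass the text output of the certificate the web server actually presents instead of `SAMPLE_CERT_TEXT`.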
