96univention-samba4.inst fail

join
samba-ad-dc

#1

I had to reinstall my Univention KVM server and run into problem executing 96univention-samba4.inst and 98univention-samba4-dns.inst join scripts.

Log shows the following error executing 96univention-samba4.inst.
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <00002071: …/ldb_tdb/ldb_index.c:1238: Failed to re-index objectSid in CN=UCSKVM2,OU=Domain Controllers,DC=sunhut,DC=local - …/ldb_tdb/ldb_index.c:1158: unique index violation on objectSid in CN=UCSKVM2,OU=Domain Controllers,DC=sunhut,DC=local> <>
File “/usr/lib/python2.7/dist-packages/samba/netcmd/init.py”, line 176, in _run
return self.run(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py”, line 668, in run
keep_existing=keep_existing)
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1276, in join_DC
ctx.do_join()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1182, in do_join
ctx.join_add_objects()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 593, in join_add_objects
ctx.samdb.add(rec)
Adding CN=UCSKVM2,OU=Domain Controllers,DC=sunhut,DC=local
Join failed - cleaning up
Failed to join against the S4 Connector server ucsmaster.
Forest : sunhut.local
Domain : sunhut.local
Netbios domain : SUNHUT
DC name : ucskvm1.sunhut.local
DC netbios name : UCSKVM1
Server site : Default-First-Site-Name
Client site : Default-First-Site-Name
Finding a writeable DC for domain ‘sunhut.local’
Found DC ucsmaster.sunhut.local
workgroup is SUNHUT
realm is sunhut.local
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <00002071: …/ldb_tdb/ldb_index.c:1238: Failed to re-index objectSid in CN=UCSKVM2,OU=Domain Controllers,DC=sunhut,DC=local - …/ldb_tdb/ldb_index.c:1158: unique index violation on objectSid in CN=UCSKVM2,OU=Domain Controllers,DC=sunhut,DC=local> <>
File “/usr/lib/python2.7/dist-packages/samba/netcmd/init.py”, line 176, in _run
return self.run(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py”, line 668, in run
keep_existing=keep_existing)
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1276, in join_DC
ctx.do_join()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1182, in do_join
ctx.join_add_objects()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 593, in join_add_objects
ctx.samdb.add(rec)
Adding CN=UCSKVM2,OU=Domain Controllers,DC=sunhut,DC=local
Join failed - cleaning up
Failed to join the domain sunhut.local.
EXITCODE=1


#2

Subsequent execution of 96univention-samba4.inst resulted in Exitcode 0 which leaves me with an error in 98univention-samba4-dns.inst…

From join.log
RUNNING 98univention-samba4-dns.inst
2017-11-26 14:51:02.066393251+01:00 (in joinscript_init)
Waiting for RID Pool replication: …
Error no rIDSetReferences replicated for ucskvm2
EXITCODE=1

sön 26 nov 2017 14:54:30 CET
univention-run-join-scripts finished


#3

The error message is the same


#4

Sorry I dont get it.
The error in 96univention-samba4.inst resolved itself after two days nothing done!!
However there is now an error with 98univention-samba4-dns.inst join scripts.

Cant see the similarities between the error messages.

RUNNING 98univention-samba4-dns.inst
2017-11-26 14:51:02.066393251+01:00 (in joinscript_init)
Waiting for RID Pool replication: …
Error no rIDSetReferences replicated for ucskvm2
EXITCODE=1

sön 26 nov 2017 14:54:30 CET
univention-run-join-scripts finished


#5

Yes I know …

So whats the output of

ucr get samba/interfaces
ucr get samba/interfaces/bindonly

#6

root@ucskvm2:~# ucr get samba/interfaces
lo <interfaces/primary>
root@ucskvm2:~# ucr get samba/interfaces/bindonly
yes

I have 2 interfaces on the box


#7

Ok then the solution of the mentioned thread doesn’t fit.


#8

Thanks for your help.

Problem resolved for the time beeing.

Removed all bridged interfaces and reset eth0/eth1
Rebooted the server and rerun univention-run-join-scripts.


#9

On Master:
root@ucs-8023:/home/Administrator# ucr get samba/interfaces
eth0
root@ucs-8023:/home/Administrator# ucr get samba/interfaces/bindonly
yes
root@ucs-8023:/home/Administrator#

On Slave:
root@ucs-7758:~# ucr get samba/interfaces
eth0
root@ucs-7758:~# ucr get samba/interfaces/bindonly
yes
root@ucs-7758:~#

On Backup:
root@ucs-6817:~# ucr get samba/interfaces
eth0
root@ucs-6817:~# ucr get samba/interfaces/bindonly
yes
root@ucs-6817:~#

univention-run-join-scripts on Slave and Backup:
Running 96univention-samba4.inst failed (exitcode: 1)
Running 97univention-s4-connector.inst skipped (already executed)
Running 98univention-pkgdb-tools.inst skipped (already executed)
Running 98univention-samba4-dns.inst failed (exitcode: 1)

ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <00002071: …/ldb_tdb/ldb_index.c:1238: Failed to re-index objectSid


#10

Can you post the following output of the three systems (Master, Backup, Slave):
ucr search --brief interfaces

Are all servers in the same subnet?


#11

SLAVE:
ucs-7758:/home/Administrator# ucr search --brief interfaces
interfaces/./address:
interfaces/.
/broadcast:
interfaces/./ipv6/./address:
interfaces/./ipv6/./prefix:
interfaces/./ipv6/acceptRA:
interfaces/.
/mac:
interfaces/./mtu:
interfaces/.
/netmask:
interfaces/./network:
interfaces/.
/options/.:
interfaces/.
/order:
interfaces/./route/.:
interfaces/./start:
interfaces/.
/type:
interfaces/eth0/address: 172.16.6.66
interfaces/eth0/broadcast: 172.16.6.255
interfaces/eth0/netmask: 255.255.255.0
interfaces/eth0/network: 172.16.6.0
interfaces/eth0/type: static
interfaces/handler: ifplugd
interfaces/primary: eth0
interfaces/restart/auto:
mail/postfix/inet/interfaces: 127.0.0.1
samba/interfaces/bindonly: yes
samba/interfaces: eth0
samba/register/exclude/interfaces: docker0

BACKUP:
ucs-6817:~# ucr search --brief interfaces
interfaces/./address:
interfaces/.
/broadcast:
interfaces/./ipv6/./address:
interfaces/./ipv6/./prefix:
interfaces/./ipv6/acceptRA:
interfaces/.
/mac:
interfaces/./mtu:
interfaces/.
/netmask:
interfaces/./network:
interfaces/.
/options/.:
interfaces/.
/order:
interfaces/./route/.:
interfaces/./start:
interfaces/.
/type:
interfaces/eth0/address: 172.16.6.77
interfaces/eth0/broadcast: 172.16.6.255
interfaces/eth0/ipv6/acceptRA: false
interfaces/eth0/netmask: 255.255.255.0
interfaces/eth0/network: 172.16.6.0
interfaces/eth0/start: true
interfaces/eth0/type: static
interfaces/handler: ifplugd
interfaces/primary: eth0
interfaces/restart/auto:
mail/postfix/inet/interfaces: 127.0.0.1
samba/interfaces/bindonly: yes
samba/interfaces: eth0
samba/register/exclude/interfaces: docker0

MASTER:
ucs-8023:/home/Administrator# ucr search --brief interfaces
interfaces/./address:
interfaces/.
/broadcast:
interfaces/./ipv6/./address:
interfaces/./ipv6/./prefix:
interfaces/./ipv6/acceptRA:
interfaces/.
/mac:
interfaces/./mtu:
interfaces/.
/netmask:
interfaces/./network:
interfaces/.
/options/.:
interfaces/.
/order:
interfaces/./route/.:
interfaces/./start:
interfaces/.
/type:
interfaces/eth0/address: 172.16.6.55
interfaces/eth0/broadcast: 172.16.6.255
interfaces/eth0/ipv6/acceptRA: false
interfaces/eth0/netmask: 255.255.255.0
interfaces/eth0/network: 172.16.6.0
interfaces/eth0/start: true
interfaces/eth0/type: static
interfaces/handler: ifplugd
interfaces/primary: eth0
interfaces/restart/auto:
mail/postfix/inet/interfaces: 127.0.0.1
samba/interfaces/bindonly: yes
samba/interfaces: eth0 lo
samba/register/exclude/interfaces: docker0


#12

Thanks. Can you post the join.log? /var/log/univention/join.log of backup or slave?


#13

univention-run-join-scripts started
lun 5 feb 2018, 13.10.13, CET

RUNNING 01univention-ldap-server-init.inst
EXITCODE=already_executed
RUNNING 03univention-directory-listener.inst
EXITCODE=already_executed
RUNNING 04univention-ldap-client.inst
EXITCODE=already_executed
RUNNING 05univention-bind.inst
EXITCODE=already_executed
RUNNING 08univention-apache.inst
EXITCODE=already_executed
RUNNING 10univention-ldap-server.inst
EXITCODE=already_executed
RUNNING 11univention-heimdal-init.inst
EXITCODE=already_executed
RUNNING 11univention-pam.inst
EXITCODE=already_executed
RUNNING 15univention-heimdal-kdc.inst
EXITCODE=already_executed
RUNNING 18python-univention-directory-manager.inst
EXITCODE=already_executed
RUNNING 20univention-directory-policy.inst
EXITCODE=already_executed
RUNNING 20univention-join.inst
EXITCODE=already_executed
RUNNING 26univention-nagios-common.inst
EXITCODE=already_executed
RUNNING 30univention-appcenter.inst
EXITCODE=already_executed
RUNNING 30univention-nagios-client.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-s4-connector.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-samba.inst
EXITCODE=already_executed
RUNNING 33univention-portal.inst
EXITCODE=already_executed
RUNNING 34univention-management-console-server.inst
EXITCODE=already_executed
RUNNING 35univention-appcenter-docker.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-appcenter.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-diagnostic.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-join.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-lib.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-mrtg.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-quota.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-reboot.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-services.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-setup.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-sysinfo.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-top.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ucr.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-updater.inst
EXITCODE=already_executed
RUNNING 36univention-management-console-module-apps.inst
EXITCODE=already_executed
RUNNING 40univention-postgresql.inst
EXITCODE=already_executed
RUNNING 40univention-virtual-machine-manager-schema.inst
EXITCODE=already_executed
RUNNING 50nextcloud.inst
EXITCODE=already_executed
RUNNING 81univention-nfs-server.inst
EXITCODE=already_executed
RUNNING 90univention-bind-post.inst
EXITCODE=already_executed
RUNNING 92univention-management-console-web-server.inst
EXITCODE=already_executed
RUNNING 96univention-samba4.inst
2018-02-05 13:10:26.161819459+01:00 (in joinscript_init)
05.02.18 13:10:28.830 DEBUG_INIT
UNIVENTION_DEBUG_BEGIN : uldap.__open host=ucs-8023.cdlmvenezia.intranet port=7389 base=dc=cdlmvenezia,dc=intranet
UNIVENTION_DEBUG_END : uldap.__open host=ucs-8023.cdlmvenezia.intranet port=7389 base=dc=cdlmvenezia,dc=intranet
Not updating samba4/role
Restarting univention-directory-listener (via systemctl): univention-directory-listener.service.
Multifile: /etc/samba/smb.conf
Object exists: cn=Builtin,dc=cdlmvenezia,dc=intranet
WARNING: cannot append cn=DC Backup Hosts,cn=groups,dc=cdlmvenezia,dc=intranet to nestedGroup, value exists
No modification: cn=Enterprise Domain Controllers,cn=groups,dc=cdlmvenezia,dc=intranet
WARNING: cannot append cn=ucs-7758,cn=dc,cn=computers,dc=cdlmvenezia,dc=intranet to hosts, value exists
No modification: cn=Enterprise Domain Controllers,cn=groups,dc=cdlmvenezia,dc=intranet
Stopping samba-ad-dc (via systemctl): samba-ad-dc.service.
Stopping smbd (via systemctl): smbd.service.
Stopping nmbd (via systemctl): nmbd.service.
Setting kerberos/kdc
Setting kerberos/kpasswdserver
File: /etc/krb5.conf
Setting slapd/port
File: /etc/init.d/slapd
Setting slapd/port/ldaps
File: /etc/init.d/slapd
Restarting slapd (via systemctl): slapd.serviceWarning: Unit file of slapd.service changed on disk, ‘systemctl daemon-reload’ recommended.
.
Not updating windows/wins-support
Join against S4 Connector server: ucs-8023
Forest : cdlmvenezia.intranet
Domain : cdlmvenezia.intranet
Netbios domain : CDLMVENEZIA
DC name : ucs-8023.cdlmvenezia.intranet
DC netbios name : UCS-8023
Server site : Default-First-Site-Name
Client site : Default-First-Site-Name
workgroup is CDLMVENEZIA
realm is cdlmvenezia.intranet
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <00002071: …/ldb_tdb/ldb_index.c:1238: Failed to re-index objectSid in CN=UCS-7758,OU=Domain Controllers,DC=cdlmvenezia,DC=intranet - …/ldb_tdb/ldb_index.c:1158: unique index violation on objectSid in CN=UCS-7758,OU=Domain Controllers,DC=cdlmvenezia,DC=intranet> <>
File “/usr/lib/python2.7/dist-packages/samba/netcmd/init.py”, line 176, in _run
return self.run(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py”, line 668, in run
keep_existing=keep_existing)
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1276, in join_DC
ctx.do_join()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1182, in do_join
ctx.join_add_objects()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 593, in join_add_objects
ctx.samdb.add(rec)
Adding CN=UCS-7758,OU=Domain Controllers,DC=cdlmvenezia,DC=intranet
Join failed - cleaning up
Failed to join against the S4 Connector server ucs-8023.
Forest : cdlmvenezia.intranet
Domain : cdlmvenezia.intranet
Netbios domain : CDLMVENEZIA
DC name : ucs-8023.cdlmvenezia.intranet
DC netbios name : UCS-8023
Server site : Default-First-Site-Name
Client site : Default-First-Site-Name
Finding a writeable DC for domain ‘cdlmvenezia.intranet’
Found DC ucs-8023.cdlmvenezia.intranet
workgroup is CDLMVENEZIA
realm is cdlmvenezia.intranet
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <00002071: …/ldb_tdb/ldb_index.c:1238: Failed to re-index objectSid in CN=UCS-7758,OU=Domain Controllers,DC=cdlmvenezia,DC=intranet - …/ldb_tdb/ldb_index.c:1158: unique index violation on objectSid in CN=UCS-7758,OU=Domain Controllers,DC=cdlmvenezia,DC=intranet> <>
File “/usr/lib/python2.7/dist-packages/samba/netcmd/init.py”, line 176, in _run
return self.run(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py”, line 668, in run
keep_existing=keep_existing)
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1276, in join_DC
ctx.do_join()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1182, in do_join
ctx.join_add_objects()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 593, in join_add_objects
ctx.samdb.add(rec)
Adding CN=UCS-7758,OU=Domain Controllers,DC=cdlmvenezia,DC=intranet
Join failed - cleaning up
Failed to join the domain cdlmvenezia.intranet.
EXITCODE=1
RUNNING 97univention-s4-connector.inst
EXITCODE=already_executed
RUNNING 98univention-pkgdb-tools.inst
EXITCODE=already_executed
RUNNING 98univention-samba4-dns.inst
2018-02-05 13:11:35.327046429+01:00 (in joinscript_init)
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.
EXITCODE=1