98univention-samba4-dns.inst problem after UCS Master restore

UCS - Univention Corporate Server
#1

Hello,

I had to recover my VM Master UCS 4.4-2 errata301. from a previous date(is in a Virtual Machine). After that, i’m having problem with 98univention-samba4-dns.inst to rejoin a backup server 4.4-2 errata301… It does not finish because it says “looking for spn account “dns-UCS02” in local samba”. This message is repeated many time till it dies.
I tried to add the spn manually wtih “/usr/share/univention-samba4/scripts/create_spn_account.sh --samaccountname “dns-UCS02” --serviceprincipalname “DNS/UCS02.tredi.priv” --privatekeytab dns.keytab” to the UCS Master, but got the same message.
This problem occurs even when i try to join a new backup server.
I found no solution on the other topics.

#2

Now i saw that when i search a new created user, it did not create in my native domain. i have 2 domains. 1 is test.test the other is test1.test1 . The master was created with test.test and test1.test1 was created as new. The ldbsearch -H /var/lib/samba/private/sam.ldb samAccountName=“testuser” dn | sed -n ‘s/^dn: (.*)/\1/p’ does not show nothing. But the same search with the an existing user show CN=test1user,CN=Users,DC=test,DC=test. This means that the new users are created in test1.test1(LDAP directory) only.
New created users cannot login to the domain. This is because a new user is created in test1.test1 and not in test.test which is the primary and were the desktops are joined.
So users are not created in /var/lib/samba/private/sam.ldb

#3

For now i resolved the population of sam.ldb with this article: Samba 4 - RID Pool renewal

New created users can login in domain. Even join works ok. Case solved :slight_smile:

Mastodon