Hi
I have a problem with /etc/machine.secret because I tried to fix my AD connector and accidentally edited /etc/machine.secret. Right now I cannot log in as root or Administrator on Univention management and can’t log in to OX Appsuite.
I tried univention-ldapsearch
Output is
root@email:~# univention-ldapsearch
ldap_bind: Invalid credentials (49)
root@email:~#
I try
udm computers/domaincontroller_master modify \
--dn "$(ucr get ldap/hostdn)" --set password="$pass"
echo -n "$pass" >/etc/machine.secret
echo "$pass" >/etc/libnss-ldap.secret
But it is still not working
Is there any solution to regenerate /etc/machine.secret?
Thank you
Best regards
Hi,
did you try to reset the password for the users “root” and “Administrator” with the udm command?
I doubt it will work as your above commands indeed are correct and should work.
What does ucr get ldap/hostdn say?
/CV
I have not yet tried to reset the password
I tried again
root@email:~# univention-ldapsearch
ldap_bind: Server is unwilling to perform (53)
additional info: unauthenticated bind (DN with no password) disallowed
It seems there is no password in machine.secret
root@email:~# ucr get ldap/hostdn
cn=email,cn=dc,cn=computers,dc=pluscard,dc=com
Thank you
Hi,
try to run the join script again which usually creates the machine.secret:
univention-run-join-scripts --ask-pass -dcaccount administrator --force --run-scripts 10univention-ldap-server.inst
If this does not work, do the following:
password="1234QWERasdf"
udm computers/domaincontroller_master modify --dn "$(ucr get ldap/hostdn)" --set password="$password"
echo -n "$password" > /etc/machine.secret
chmod 0600 /etc/machine.secret
If this does not work I am out of options or there might be some additional issue on your system.
/CV
It asks for the DC Master Password. Where can I find the password?
Well, this is the password you assigned during installation.
The password of your user “Administrator”.
If you forgot this, too, you might need to acquire some more experience in administrating server operating systems.
Otherwise you have a chance to reset by this way:
First, get DN of administrator:
root@master:~# udm users/user list --filter uid=Administrator | grep "DN:"
DN: uid=Administrator,cn=users,dc=multi,dc=de
Use this dn to reset the password for the account:
root@master:~# udm users/user modify --dn="uid=Administrator,cn=users,dc=multi,dc=de" --set password="never_before_used_password"
/CV
result is
root@email:~# univention-run-join-scripts --ask-pass -dcaccount administrator --force --run-scripts 10univention-ldap-server.inst
Enter DC Master Password:
Search LDAP binddn Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
**************************************************************************
* Running join scripts failed! *
**************************************************************************
* Message: binddn for user administrator not found
**************************************************************************
I use the root password for DC Master Password
root@email:~# udm users/user modify --dn="uid=Administrator,cn=users,dc=pluscard,dc=com" --set password="NewPassword"
Value may not change: key=password old={KINIT} new=NewPassword
root@email:~#
Result
root@email:~# password="1234QWERasdf"
root@email:~# udm computers/domaincontroller_master modify --dn $(get ldap/hostdn) --set password=$password
-bash: get: command not found
LDAP Error: Invalid DN syntax: invalid DN: --set
root@email:~# echo -n $password > /etc/machine.secret
root@email:~# chmod 0600 /etc/machine.secret
Hi,
my fault. Typo.
Use:
password="1234QWERasdf"
udm computers/domaincontroller_master modify --dn "$(ucr get ldap/hostdn)" --set password="$password"
echo -n "$password" > /etc/machine.secret
chmod 0600 /etc/machine.secret
1 Like
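An added example, not part of the original thread and not Univention's own code: the procedure above with a randomly generated password instead of one typed into a post, a write that never leaves a trailing newline, and a check of the secret file for the conditions behind the two bind errors reported earlier. The function names are hypothetical; it assumes GNU stat and that the file content is used verbatim as the bind password.

```bash
#!/bin/bash
# Added example; function names are hypothetical, not Univention tools.

# Print one finding per line for secret file $1; return 0 only if it is clean.
check_secret() {
    local f=$1 rc=0
    [ -f "$f" ] || { echo "missing"; return 1; }
    # Empty file: the bind carries no password ("DN with no password", error 53).
    [ -s "$f" ] || { echo "empty"; rc=1; }
    # $(...) strips a trailing newline, so an empty result means the last byte
    # is "\n" (plain echo or an editor). Assumption: the file is used verbatim
    # as the bind password, so the newline would make it wrong (error 49).
    if [ -s "$f" ] && [ -z "$(tail -c1 "$f")" ]; then
        echo "trailing-newline"; rc=1
    fi
    # GNU stat, as on the Debian-based UCS; the thread sets mode 0600.
    [ "$(stat -c %a "$f")" = "600" ] || { echo "mode-not-0600"; rc=1; }
    return "$rc"
}

# Write password $2 to file $1 without a newline; the file is created 0600
# from the start and moved into place, rather than chmod'ed after the write.
write_secret() {
    local f=$1 pw=$2 tmp
    tmp=$(umask 077; mktemp "$f.XXXXXX") || return 1
    printf '%s' "$pw" >"$tmp" && chmod 0600 "$tmp" && mv -f "$tmp" "$f"
}

# 32 hex characters from the kernel RNG instead of a password typed in a post.
new_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# The thread's procedure with a random password and a final bind test.
reset_machine_secret() {
    local pw
    pw=$(new_password) || return 1
    udm computers/domaincontroller_master modify \
        --dn "$(ucr get ldap/hostdn)" --set password="$pw" &&
        write_secret /etc/machine.secret "$pw" &&
        check_secret /etc/machine.secret &&
        univention-ldapsearch -LLL "(uid=Administrator)" dn >/dev/null
}

# Only touches the system when asked to: ./script --reset
if [ "${1:-}" = "--reset" ]; then reset_machine_secret; fi
```
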
It works now for login UMC management for Root and Administrator user but I can’t login into OX Appsuite
Hi,
I have no clue about OX.
Possibly you might need to re-run the join scripts?
univention-run-join-scripts --force
/CV
EDIT:
Objection!
You are not supposed to do a
univention-run-join-scripts --force
on a DC master/primary! This will cause more damage than it heals.
Two of them failed and it still does not work
root@email:~# univention-run-join-scripts --force
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2018 Univention GmbH, Germany
Running 01univention-ldap-server-init.inst done
Running 02univention-directory-notifier.inst done
Running 03univention-directory-listener.inst done
Running 04univention-ldap-client.inst done
Running 05univention-bind.inst done
Running 08univention-apache.inst done
Running 10univention-ldap-server.inst failed (exitcode: 3)
Running 11univention-heimdal-init.inst done
Running 11univention-pam.inst done
Running 15univention-directory-notifier-post.inst done
Running 15univention-heimdal-kdc.inst done
Running 18python-univention-directory-manager.inst done
Running 20univention-directory-policy.inst done
Running 20univention-join.inst done
Running 26univention-nagios-common.inst done
Running 26univention-samba.inst failed (exitcode: 2)
Running 30univention-appcenter.inst done
Running 30univention-nagios-client.inst done
Running 31univention-nagios-ad-connector.inst done
Running 33univention-portal.inst done
Running 34univention-management-console-server.inst done
Running 34univention-self-service.inst done
Running 35univention-appcenter-docker.inst done
Running 35univention-management-console-module-adconnector.done
Running 35univention-management-console-module-appcenter.indone
Running 35univention-management-console-module-diagnostic.idone
Running 35univention-management-console-module-ipchange.insdone
Running 35univention-management-console-module-join.inst done
Running 35univention-management-console-module-lib.inst done
Running 35univention-management-console-module-mrtg.inst done
Running 35univention-management-console-module-pkgdb.inst done
Running 35univention-management-console-module-quota.inst done
Running 35univention-management-console-module-reboot.inst done
Running 35univention-management-console-module-services.insdone
Running 35univention-management-console-module-setup.inst done
Running 35univention-management-console-module-sysinfo.instdone
Running 35univention-management-console-module-top.inst done
Running 35univention-management-console-module-ucr.inst done
Running 35univention-management-console-module-udm.inst done
Running 35univention-management-console-module-updater.instdone
Running 35univention-self-service-passwordreset-umc.inst done
Running 35univention-server-overview.inst done
Running 36univention-management-console-module-apps.inst done
Running 38univention-management-console-module-oxldb.inst done
Running 40univention-postgresql.inst done
Running 40univention-virtual-machine-manager-schema.inst done
Running 50univention-pkgdb.inst done
Running 65univention-ox.inst done
Running 67univention-mail-server.inst done
Running 81univention-ad-connector.inst done
Running 81univention-nfs-server.inst done
Running 82univention-mail-dovecot.inst done
Running 90univention-bind-post.inst done
Running 91univention-saml.inst done
Running 92univention-management-console-web-server.inst done
Running 98univention-pkgdb-tools.inst done
I try to rejoin to get log
univention-run-join-scripts started
Fri Oct 26 15:14:35 +07 2018
RUNNING 10univention-ldap-server.inst
2018-10-26 15:14:35.723863770+07:00 (in joinscript_init)
Adding SRV record "ldap tcp 0 100 7389 email.domain.com." to zone domain.com...
done
Adding ZONE record "root@domain.com. 1 28800 10800 604800 108001 email.domain.com." to zone 10.0.200...
Adding SRV record "domaincontroller_master tcp 0 0 0 email.domain.com." to zone domain.com...
done
Object exists: cn=Univention,cn=packages,cn=univention,dc=domain,dc=com
Object exists: cn=Fernwartung,cn=packages,cn=univention,dc=domain,dc=com
Object exists: cn=Tools,cn=packages,cn=univention,dc=domain,dc=com
Object exists: cn=Multimedia,cn=packages,cn=univention,dc=domain,dc=com
Object exists: cn=Entwicklung,cn=packages,cn=univention,dc=domain,dc=com
LDAP Error: Type or value exists: modify/add: uniqueMember: value #0 already exists
__JOINERR__:FAILED: /usr/lib/univention-install/10univention-ldap-server.inst
EXITCODE=3
Fri Oct 26 15:15:06 +07 2018
univention-run-join-scripts finished
cp: cannot stat '': No such file or directory
univention-run-join-scripts started
Fri Oct 26 15:16:29 +07 2018
RUNNING 26univention-samba.inst
2018-10-26 15:16:29.882328966+07:00 (in joinscript_init)
INFO: Cannot run joinscript in memberserver mode without join credentials. Please run:
univention-run-join-scripts --ask-pass
to complete the domain join.
EXITCODE=2
Fri Oct 26 15:16:30 +07 2018
univention-run-join-scripts finished
I tried to run the join script with another account (Admin permission) by
univention-run-join-scripts --ask-pass -dcaccount management --force --run-scripts 26univention-samba.inst
root@email:~# univention-run-join-scripts --ask-pass -dcaccount management --force --run-scripts 26univention-samba.inst
Enter DC Master Password:
Search LDAP binddn ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Insufficient access (50)
**************************************************************************
* Running join scripts failed! *
**************************************************************************
* Message: binddn for user management not found
**************************************************************************
root@email:~# univention-run-join-scripts --ask-pass -dcaccount root --force --run-scripts 26univention-samba.inst
Enter DC Master Password:
Search LDAP binddn Insufficient access (50)
**************************************************************************
* Running join scripts failed! *
**************************************************************************
* Message: binddn for user root not found
**************************************************************************
root@email:~#
Now I can’t log in to UMC again after rebooting the server; I can only log in with the root user
I dunno what you are doing on your site. My posted command does not have any links to the administrator user account properties.
I have seen you were trying to use an account named “management” instead of administrator. It is very difficult to help when steps are mixed up.
And when you get different information. Some posts before you wrote:
It works now for login UMC management for Root and Administrator user but I can’t login into OX Appsuite
So I have no clue what you are currently trying to do and which username you are using.
/CV
khampasith:
result is
root@email:~# univention-run-join-scripts --ask-pass -dcaccount administrator --force --run-scripts 10univention-ldap-server.inst
Enter DC Master Password:
Search LDAP binddn Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
**************************************************************************
* Running join scripts failed! *
**************************************************************************
* Message: binddn for user administrator not found
**************************************************************************
I use the root password for DC Master Password
I just tried another user to run the join script because when I try to run it as the Administrator user there is an error
What does this tell us:
univention-ldapsearch "uid=administrator"
?