I have a UCS 5.0-2 system that has for several years been a member of a Microsoft AD Domain (Windows Server 2016 Std). Recently I realized that new user accounts created in the MS AD were not being synced into the User module in the UCS UMC. I’m assuming (but cannot say definitely) that this has occurred with the upgrade of UCS from version 4 to 5.
So if I do a univention-adsearch from the UCS console I get:
root@kopano:/# univention-adsearch cn=administrator
kdestroy: krb_cc_destroy: Did not find a plugin for ccache_ops
kinit: Password incorrect
WARNING: The option -k|--kerberos is deprecated!
Failed to bind - LDAP client internal error: NT_STATUS_UNSUCCESSFUL
Failed to connect to 'ldap://myserver.mydomain.lan:389' with backend 'ldap': LDAP client internal error: NT_STATUS_UNSUCCESSFUL
Failed to connect to ldap://myserver.mydomain.lan:389 - LDAP client internal error: NT_STATUS_UNSUCCESSFUL
So I take it that UCS is failing password auth to the MS-AD. I’ve seen various similar reports in other posts here stating that the password needs to be set in /etc/machine.secret, but I’m unaware of whether that’s a clear text password or a password hash of some description?
My thinking was that I might be able to re-run the AD Connector domain join wizard but cannot find how to do that through the UMC. I’ve uninstalled & re-installed the AD Connector but this neither remedies the situation nor provides me with an opportunity to re-enter domain credentials for the AD join.
So I’m just looking to see if someone can gently steer me in the correct direction to resolve the issue?