I am currently using UCS 5.0-3 errata622 connected as an active directory member.
The users and groups are synced from AD to UCS.
Some months ago, I had some problems with the sync not working anymore, which I ultimatly fixed by resetting the AD-computer account password to the one in /etc/machine.secret
(I probably did some other changes but I cannot list them now)
Now I have a strange problem:
(for testing purposes I have changed the server/password/interval setting to 7 days)
I can see that UCS changes the password in /etc/machine.secret but not the AD computer account, so the sync breaks and i get those errors:
sudo tail -n 25 /var/log/univention/connector-ad-status.log self.get_kerberos_ticket() File "/usr/lib/python3/dist-packages/univention/connector/ad/__init__.py", line 677, in get_kerberos_ticket raise kerberosAuthenticationFailed('The following command failed: "%s" (%s): %s' % (' '.join(cmd_block), p1.returnco de, stdout.decode('UTF-8', 'replace'))) univention.connector.ad.kerberosAuthenticationFailed: The following command failed: "kinit --no-addresses --password-fil e=/tmp/tmpqe16mlqb ucs-nextcloud$" (1): kinit: Password incorrect
Now when I put the old AD-computer password in /etc/machine.secret, the sync works again but there are some other auth issues for example when using sudo with a domain admin user…
sudo: Fehler beim PAM-Account-Management: Berechtigungsnachweis für Zugriff auf Authentifizierungsdaten nicht ausreichend:
… or trying to login to the ucs management webinterface.
Any ideas? Thanks