After upgrade to 4.3-3 errata448 new users cannot sign into the ad

jminton · March 21, 2019, 4:22pm

root@ad:~# univention-s4connector-list-rejected

UCS rejected

S4 rejected

There may be no rejected DNs if the connector is in progress, to be
sure stop the connector before running this script.

    last synced USN: 307897

jminton · March 25, 2019, 5:14pm

now users created since the problem can no longer log into the active directory or their machines. I am re-importing a backed up appliance from 3/12 so that at least my users can access their machines and files

Christian_Voelker · March 26, 2019, 5:16pm

Hi,

just to mention:

There is not need to have the s4-connector running on the master. You can have it running on the backup as well.

The limitation is it is allowed to run only on a single server in the domain!

If it is running on your backup it is totally fine being masked and autostart=no on the master…

/CV

jminton · March 27, 2019, 4:04pm

● univention-directory-notifier.service - LSB: Univention Directory Notifier Daemon
   Loaded: loaded (/etc/init.d/univention-directory-notifier; generated; vendor preset: enabled)
   Active: active (exited) since Wed 2019-03-27 10:34:34 CDT; 6min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 6619 ExecStop=/etc/init.d/univention-directory-notifier stop (code=exited, status=0/SUCCESS)
  Process: 6777 ExecStart=/etc/init.d/univention-directory-notifier start (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   Memory: 0B
      CPU: 0
   CGroup: /system.slice/univention-directory-notifier.service

Mar 27 10:34:34 ad systemd[1]: Starting LSB: Univention Directory Notifier Daemon...
Mar 27 10:34:34 ad univention-directory-notifier[6777]: Starting Univention Directory Notifier Daemon: univenti
Mar 27 10:34:34 ad univention-directory-notifier[6777]: .
Mar 27 10:34:34 ad systemd[1]: Started LSB: Univention Directory Notifier Daemon.

● univention-directory-listener.service - LSB: Univention Directory Listener Daemon
   Loaded: loaded (/etc/init.d/univention-directory-listener; generated; vendor preset: enabled)
   Active: active (exited) since Wed 2019-03-27 10:34:34 CDT; 6min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 6622 ExecStop=/etc/init.d/univention-directory-listener stop (code=exited, status=0/SUCCESS)
  Process: 6788 ExecStart=/etc/init.d/univention-directory-listener start (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   Memory: 0B
      CPU: 0
   CGroup: /system.slice/univention-directory-listener.service

Mar 27 10:34:34 ad systemd[1]: Starting LSB: Univention Directory Listener Daemon...
Mar 27 10:34:34 ad univention-directory-listener[6788]: Starting Univention Directory Listener Daemon: univenti
Mar 27 10:34:34 ad systemd[1]: Started LSB: Univention Directory Listener Daemon.

root@ad:~# univention-check-join-status
Warning: 'nextcloud-uninstall' is not configured.
Error: Not all install files configured: 1 missing
root@ad:~# tail -f /var/log/univention/listener.log /var/log/univention/notifier.log
==> /var/log/univention/listener.log <==
27.03.19 10:41:51.547  LISTENER    ( INFO    ) : postrun handler: ldap_server (prepared=0)
27.03.19 10:41:51.547  LISTENER    ( INFO    ) : postrun handler: nfs-homes (prepared=0)
27.03.19 10:41:51.547  LISTENER    ( INFO    ) : postrun handler: nss (prepared=0)
27.03.19 10:41:51.547  LISTENER    ( INFO    ) : postrun handler: quota (prepared=0)
27.03.19 10:41:51.547  LISTENER    ( INFO    ) : postrun handler: license_uuid (prepared=0)
27.03.19 10:41:51.547  LISTENER    ( INFO    ) : postrun handler: univention-saml-simplesamlphp-configuration (prepared=0)
27.03.19 10:41:51.547  LISTENER    ( INFO    ) : postrun handler: s4-connector (prepared=-1)
27.03.19 10:41:51.547  LISTENER    ( INFO    ) : postrun handler: keytab-member (prepared=0)
27.03.19 10:41:51.547  LISTENER    ( INFO    ) : postrun handler: nfs-shares (prepared=0)
27.03.19 10:41:51.547  LISTENER    ( INFO    ) : postrun handler: portal_category (prepared=0)

==> /var/log/univention/notifier.log <==
27.03.19 10:41:36.699  TRANSFILE   ( ALL     ) : ------------------------------

27.03.19 10:41:36.699  TRANSFILE   ( ALL     ) : Listener fd = 4

27.03.19 10:41:36.699  TRANSFILE   ( ALL     ) : Listener fd = 7

27.03.19 10:41:36.699  TRANSFILE   ( ALL     ) : Listener fd = 8

27.03.19 10:41:36.699  TRANSFILE   ( ALL     ) : ------------------------------

jminton · March 27, 2019, 4:31pm

new users are now showing up in active directory users and computers in my windows 10! How ever, I cannot sign in a newly created user up on a laptop. but the older users can be signed in. Its almost there. Any suggestions?

jminton · March 27, 2019, 6:06pm

also recently created users cannot log in. username or password incorrect

jminton · March 27, 2019, 8:00pm

would joining a DC backup to the master then Promoting it to master help in this situation?

Moritz_Bunkus · April 2, 2019, 7:41am

Maybe?

Is your S4 connector currently running (systemctl status univention-s4-connector.service)? Are there any rejects (univention-s4connector-list-rejected)?

Please log in to the UMC and run the system diagnostics (it can be found in the “system” section). Are any problems shown, and if so, which?

jminton · April 2, 2019, 2:27pm

I purchased a support contract and the Issue was resolved by univention. It was a problem with my backup active directory machine.Thank you for your Help!

Christian_Voelker · April 2, 2019, 2:30pm

Hi,

just for reference:
The S4-connector was running on the backup host (which is unusual but fine) and the listener/notifier where not in sync. Therefore nearly everything on the master looked fine (except s4-connector) but any user changes did not made it to samba (as the backup did not get updated information and therefore the s4-connector had nothing to sync).

The easiest way to fix was a re-join of the backup server.

Glad to help.

/CV