Found this in /var/log/univention/connector-ad-status.log
Tue Jul 6 14:39:46 2021
— connect failed, failure was: —
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/univention/connector/ad/main.py”, line 244, in main
connect(options)
File “/usr/lib/python3/dist-packages/univention/connector/ad/main.py”, line 116, in connect
ad.init_ldap_connections()
File “/usr/lib/python3/dist-packages/univention/connector/ad/init.py”, line 535, in init_ldap_connections
self.open_ad()
File “/usr/lib/python3/dist-packages/univention/connector/ad/init.py”, line 692, in open_ad
self.get_kerberos_ticket()
File “/usr/lib/python3/dist-packages/univention/connector/ad/init.py”, line 669, in get_kerberos_ticket
raise kerberosAuthenticationFailed(‘The following command failed: “%s” (%s): %s’ % (’ '.join(cmd_block), p1.returncode, stdout.decode(‘UTF-8’, ‘replace’)))
univention.connector.ad.kerberosAuthenticationFailed: The following command failed: “kinit --no-addresses --password-file=/tmp/tmph55do7jk ucs-bdc$” (1): kinit: krb5_get_init_creds: unable to reach any KDC in realm REALDOMAIN.COM
–
I am wondering if something went wrong with samba4 - I did have to reinstall it in the process of the upgrade - root@ucs-bdc:~# samba-tool drs showrepl
ERROR(<class ‘samba.drs_utils.drsException’>): DRS connection to ucs-bdc. failed - drsException: DRS connection to ucs-bdc. failed: (3221225524, ‘The object name is not found.’)
File “/usr/lib/python3/dist-packages/samba/netcmd/drs.py”, line 55, in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File “/usr/lib/python3/dist-packages/samba/drs_utils.py”, line 63, in drsuapi_connect
raise drsException(“DRS connection to %s failed: %s” % (server, e))
root@ucs-bdc:~# samba-tool drs replicate destinationhost sourcehost dc=domain,dc=base
ERROR(<class ‘samba.drs_utils.drsException’>): DRS connection to destinationhost failed - drsException: DRS connection to destinationhost failed: (3221225524, ‘The object name is not found.’)
File “/usr/lib/python3/dist-packages/samba/netcmd/drs.py”, line 55, in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File “/usr/lib/python3/dist-packages/samba/drs_utils.py”, line 63, in drsuapi_connect
raise drsException(“DRS connection to %s failed: %s” % (server, e))
root@ucs-bdc:~#
I am a little unsure at this point if samba4 is running - this seems to indicate no?
root@ucs-bdc:~# dpkg -l univention-samba4
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
++±=================-============-============-=================================
un univention-samba4 (no description available)
root@ucs-bdc:~# kinit --password-file=/etc/machine.secret $(hostname)$
kinit: krb5_get_init_creds: unable to reach any KDC in realm REALDOMAIN.COM
root@ucs-bdc:~# klist
klist: No ticket file: /tmp/krb5cc_0
root@ucs-bdc:~#
root@ucs-bdc:~# host -t srv “_domaincontroller_master._tcp.$(ucr get domainname).” 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
_domaincontroller_master._tcp.belldesign.com has SRV record 0 0 0 ucs-bdc.REALDOMAIN.com.
root@ucs-bdc:~# host -la multi.ucs
Trying “multi.ucs”
Host multi.ucs not found: 9(NOTAUTH)
; Transfer failed.
root@ucs-bdc:~# ucr dump| grep -E “samba/interfaces|interfaces/primary”
interfaces/primary: eno1
root@ucs-bdc:~# samba-tool fsmo show
ERROR(<class ‘AttributeError’>): uncaught exception - ‘NoneType’ object has no attribute ‘canonical_str’
File “/usr/lib/python3/dist-packages/samba/netcmd/init.py”, line 186, in _run
return self.run(*args, **kwargs)
File “/usr/lib/python3/dist-packages/samba/netcmd/fsmo.py”, line 444, in run
forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name())
File “/usr/lib/python3/dist-packages/samba/samdb.py”, line 1001, in forest_dns_name
return forest_dn.canonical_str().split(’/’)[0]
root@ucs-bdc:~#
I guess I am wondering if I should try to reinstall samba4 but I dont want to interrupt the users accessing wekan without knowing the potential outcome, any help appreciated. This seems like it should show samba4 and not ldap?
root@ucs-bdc:~# ucr get dns/backend
ldap
and:
root@ucs-bdc:~# samba-tool drs showrepl
ERROR(<class ‘samba.drs_utils.drsException’>): DRS connection to ucs-bdc. failed - drsException: DRS connection to ucs-bdc. failed: (3221225524, ‘The object name is not found.’)
File “/usr/lib/python3/dist-packages/samba/netcmd/drs.py”, line 55, in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File “/usr/lib/python3/dist-packages/samba/drs_utils.py”, line 63, in drsuapi_connect
raise drsException(“DRS connection to %s failed: %s” % (server, e))
root@ucs-bdc:~#
I am wondering if this process needs to be run:
1.1. Operating Samba 4 as a read-only domain controller(https://www.univention.com/feedback/?manual=samba:doc)
Active Directory offers an operating mode called read-only domain controller (RODC) with the following properties:
- The data are only stored in read-only format; all write changes must be performed on another domain controller.
- Consequently, replication is only performed in one direction.
A comprehensive description can be found in the Microsoft TechNet Library [technet-rodc].
A Samba 4 domain controller can be operated in RODC mode (on a slave domain controller for example). Prior to the installation of univention-samba4, the Univention Configuration Registry variable samba4/role must be set to RODC :
ucr set samba4/role=RODC univention-install univention-samba4 univention-run-join-scripts
Well, looks liek samba is at leats running
root@ucs-bdc:~# sudo systemctl status smbd
● smbd.service - LSB: Samba SMB/CIFS daemon (smbd)
Loaded: loaded (/etc/init.d/smbd; generated)
Active: active (running) since Tue 2021-07-06 14:13:02 PDT; 21h ago
Docs: man:systemd-sysv-generator(8)
Process: 1286 ExecStart=/etc/init.d/smbd start (code=exited, status=0/SUCCESS)
Tasks: 4 (limit: 4915)
Memory: 17.6M
CGroup: /system.slice/smbd.service
├─1417 /usr/sbin/smbd -D
├─1426 /usr/sbin/smbd -D
├─1427 /usr/sbin/smbd -D
└─1542 /usr/sbin/smbd -D
Jul 06 14:12:53 ucs-bdc systemd[1]: Starting LSB: Samba SMB/CIFS daemon (smbd)…
Jul 06 14:13:02 ucs-bdc smbd[1286]: Starting SMB/CIFS daemon: smbd.
Jul 06 14:13:02 ucs-bdc systemd[1]: Started LSB: Samba SMB/CIFS daemon (smbd).
Jul 06 14:13:10 ucs-bdc smbd[1417]: [2021/07/06 14:13:10.371966, 0] …/…/lib/util/become_daemon.c:136(daemon_ready)
Jul 06 14:13:10 ucs-bdc smbd[1417]: daemon_ready: daemon ‘smbd’ finished starting up and ready to serve connections
root@ucs-bdc:~# samba --version
Version 4.13.7-Univention
root@ucs-bdc:~#