Benutzer können ihr passwort nicht mehr ändern!

Seit heute können User ihr PW nicht mehr ändern

folgende Fehlermeldung erscheint

Die Anfrage konnte nicht ausgeführt werden.

Fehlernachricht des Servers:

Passwort ändern fehlgeschlagen. Der Grund konnte nicht festgestellt werden. Für den Fall, dass es hilft, hier die originale Fehlernachricht: Errorcode 20: Stellen Sie sicher, dass der Kerberos Dienst läuft oder informieren Sie einen Administrator.

Hat jemand einen Rat??

Ergänzung installierte Version:

Die momentan installierte Version ist 4.1-3 errata313.

Hallo,

die angegebene Fehlermeldung tritt in der Tat auf, wenn der Kerberos-Dienst nicht läuft. Also schauen wir mal dort…

Welcher konkrete Dienst Kerberos liefert, hängt an Ihrer Softwareauswahl. Wenn Sie den “Active Directory Domänencontroller” installiert haben, stellt Samba den KDC, ansonsten ist es “heimdal-kdc”.
Ich vermute es geht um den OX, den Sie in früheren Posts erwähnten und tippe auf Heimdal.
Wenn Sie nicht aus die Kommandozeile wollen, können Sie unter System -> Systemdienste den Zustand einsehen und Dienste neu starten.
Ursachenforschung geht in der UMC nicht, dazu muß man schon die die Protokolle schauen.

Viele Grüße,
Dirk Ahrnke

Danke für die Info
heimdahl scheit zu laufen

oot@smail:/var/log# ls heimdal-kdc.log
heimdal-kdc.log
root@smail:/var/log# tail -f heimdal-kdc.log
2016-10-25T14:47:26 acl_file: /etc/heimdal-kdc/kadmind.acl
2016-10-25T14:47:26 listening on IPv6:::1 port 88/udp
2016-10-25T14:47:26 listening on IPv6:::1 port 88/tcp
2016-10-25T14:47:26 listening on IPv4:127.0.0.1 port 88/udp
2016-10-25T14:47:26 listening on IPv4:192.109.135.28 port 88/udp
2016-10-25T14:47:26 listening on IPv4:172.17.42.1 port 88/udp
2016-10-25T14:47:26 listening on IPv4:127.0.0.1 port 88/tcp
2016-10-25T14:47:26 listening on IPv4:192.109.135.28 port 88/tcp
2016-10-25T14:47:26 listening on IPv4:172.17.42.1 port 88/tcp
2016-10-25T14:47:26 KDC started

Bei der System-Fehlerdiagnose bekomme ich als Warnung:

Nameserver nicht ansprechbar.
Das gleiche System ist aber auch Nameserver für diese Domain.
Hat alles bis vor dem Update funktioniert

Wenn ich mir /usr/share/pyshared/univention/management/console/modules/diagnostic/plugins/nameserver.py ansehe, dürften bei der Fehlerdiagnose 2 wesentliche Prüfungen stattfinden.
Die konfigurierten Forwarder (‘dns/forwarder1’, ‘dns/forwarder2’, ‘dns/forwarder3’) werden gefragt, ob sie www,univention.de kennen. die konfigierten Nameserver (‘nameserver1’, ‘nameserver2’, ‘nameserver3’) sollen den Host (hostname) selbst auflösen.
Desweiteren sollte die Fehlermeldung auch angeben, welcher Nameserver das Problem ist.

msgs = ['\n', _('The nameserver %(nameserver)s (UCR variable %(var)r) is not responsive:') % {'nameserver': ucr[nameserver], 'var': nameserver}]

beim starten von bind9 kommen folgende Meldungen!

Oct 26 07:30:29 smail named[23378]: starting BIND 9.8.4-rpz2+rl005.12-P1 -c /etc/bind/named.conf -p 7777 -u bind -f -d 0
Oct 26 07:30:29 smail named[23378]: built with ‘–prefix=/usr’ ‘–mandir=/usr/share/man’ ‘–infodir=/usr/share/info’ ‘–sysconfdir=/etc/bind’ ‘–localstatedir=/var’ ‘–enable-threads’ ‘–enable-largefile’ ‘–with-libtool’ ‘–enable-shared’ ‘–enable-static’ ‘–with-openssl=/usr’ ‘–with-gssapi=/usr’ ‘–with-gnu-ld’ ‘–with-geoip=/usr’ ‘–enable-ipv6’ ‘–with-dlz-dlopen’ ‘CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2’
Oct 26 07:30:29 smail named[23378]: ----------------------------------------------------
Oct 26 07:30:29 smail named[23378]: BIND 9 is maintained by Internet Systems Consortium,
Oct 26 07:30:29 smail named[23378]: Inc. (ISC), a non-profit 501©(3) public-benefit
Oct 26 07:30:29 smail named[23378]: corporation. Support and training for BIND 9 are
Oct 26 07:30:29 smail named[23378]: available at isc.org/support
Oct 26 07:30:29 smail named[23378]: ----------------------------------------------------
Oct 26 07:30:29 smail named[23378]: adjusted limit on open files from 4096 to 1048576
Oct 26 07:30:29 smail named[23378]: found 4 CPUs, using 4 worker threads
Oct 26 07:30:29 smail named[23378]: using up to 4096 sockets
Oct 26 07:30:29 smail named[23378]: loading configuration from ‘/etc/bind/named.conf’
Oct 26 07:30:29 smail named[23378]: reading built-in trusted keys from file ‘/etc/bind/bind.keys’
Oct 26 07:30:29 smail named[23378]: using default UDP/IPv4 port range: [1024, 65535]
Oct 26 07:30:29 smail named[23378]: using default UDP/IPv6 port range: [1024, 65535]
Oct 26 07:30:29 smail named[23378]: listening on IPv6 interfaces, port 7777
Oct 26 07:30:29 smail named[23378]: listening on IPv4 interface lo, 127.0.0.1#7777
Oct 26 07:30:29 smail named[23378]: listening on IPv4 interface eth0, 192.109.135.28#7777
Oct 26 07:30:29 smail named[23378]: listening on IPv4 interface docker0, 172.17.42.1#7777
Oct 26 07:30:29 smail named[23378]: generating session key for dynamic DNS
Oct 26 07:30:29 smail named[23378]: sizing zone task pool based on 3 zones
Oct 26 07:30:29 smail named[23378]: set up managed keys zone for view _default, file ‘managed-keys.bind’
Oct 26 07:30:29 smail named[23378]: Warning: ‘empty-zones-enable/disable-empty-zone’ not set: disabling RFC 1918 empty zones
Oct 26 07:30:29 smail named[23378]: automatic empty zone: 0.IN-ADDR.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: 127.IN-ADDR.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: 254.169.IN-ADDR.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: D.F.IP6.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: 8.E.F.IP6.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: 9.E.F.IP6.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: A.E.F.IP6.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: B.E.F.IP6.ARPA
Oct 26 07:30:29 smail named[23378]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Oct 26 07:30:29 smail named[23378]: command channel listening on 127.0.0.1#55555
Oct 26 07:30:29 smail named[23378]: zone hs-bremerhaven.de/IN: NS ‘studicloud.hs-bremerhaven.de’ has no address records (A or AAAA)
Oct 26 07:30:29 smail named[23378]: zone hs-bremerhaven.de/IN: not loaded due to errors.
Oct 26 07:30:29 smail named[23378]: managed-keys-zone ./IN: loaded serial 0
Oct 26 07:30:29 smail named[23378]: running
Oct 26 07:30:29 smail named[23378]: zone 135.20.172.in-addr.arpa/IN: sending notifies (serial 5)
Oct 26 07:30:29 smail named[23378]: zone 135.109.192.in-addr.arpa/IN: sending notifies (serial 9)
Oct 26 07:30:34 smail named[23393]: starting BIND 9.8.4-rpz2+rl005.12-P1 -c /etc/bind/named.conf.proxy -u bind -f -d 0
Oct 26 07:30:34 smail named[23393]: built with ‘–prefix=/usr’ ‘–mandir=/usr/share/man’ ‘–infodir=/usr/share/info’ ‘–sysconfdir=/etc/bind’ ‘–localstatedir=/var’ ‘–enable-threads’ ‘–enable-largefile’ ‘–with-libtool’ ‘–enable-shared’ ‘–enable-static’ ‘–with-openssl=/usr’ ‘–with-gssapi=/usr’ ‘–with-gnu-ld’ ‘–with-geoip=/usr’ ‘–enable-ipv6’ ‘–with-dlz-dlopen’ ‘CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2’
Oct 26 07:30:34 smail named[23393]: ----------------------------------------------------
Oct 26 07:30:34 smail named[23393]: BIND 9 is maintained by Internet Systems Consortium,
Oct 26 07:30:34 smail named[23393]: Inc. (ISC), a non-profit 501©(3) public-benefit
Oct 26 07:30:34 smail named[23393]: corporation. Support and training for BIND 9 are
Oct 26 07:30:34 smail named[23393]: available at isc.org/support
Oct 26 07:30:34 smail named[23393]: ----------------------------------------------------
Oct 26 07:30:34 smail named[23393]: adjusted limit on open files from 4096 to 1048576
Oct 26 07:30:34 smail named[23393]: found 4 CPUs, using 4 worker threads
Oct 26 07:30:34 smail named[23393]: using up to 4096 sockets
Oct 26 07:30:34 smail named[23393]: loading configuration from ‘/etc/bind/named.conf.proxy’
Oct 26 07:30:34 smail named[23393]: reading built-in trusted keys from file ‘/etc/bind/bind.keys’
Oct 26 07:30:34 smail named[23393]: using default UDP/IPv4 port range: [1024, 65535]
Oct 26 07:30:34 smail named[23393]: using default UDP/IPv6 port range: [1024, 65535]
Oct 26 07:30:34 smail named[23393]: listening on IPv6 interfaces, port 53
Oct 26 07:30:34 smail named[23393]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 26 07:30:34 smail named[23393]: listening on IPv4 interface eth0, 192.109.135.28#53
Oct 26 07:30:34 smail named[23393]: listening on IPv4 interface docker0, 172.17.42.1#53
Oct 26 07:30:34 smail named[23393]: generating session key for dynamic DNS
Oct 26 07:30:34 smail named[23393]: sizing zone task pool based on 8 zones
Oct 26 07:30:34 smail named[23393]: set up managed keys zone for view _default, file ‘managed-keys.bind’
Oct 26 07:30:34 smail named[23393]: Warning: ‘empty-zones-enable/disable-empty-zone’ not set: disabling RFC 1918 empty zones
Oct 26 07:30:34 smail named[23393]: automatic empty zone: 254.169.IN-ADDR.ARPA
Oct 26 07:30:34 smail named[23393]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Oct 26 07:30:34 smail named[23393]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Oct 26 07:30:34 smail named[23393]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Oct 26 07:30:34 smail named[23393]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Oct 26 07:30:34 smail named[23393]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 26 07:30:34 smail named[23393]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 26 07:30:34 smail named[23393]: automatic empty zone: D.F.IP6.ARPA
Oct 26 07:30:34 smail named[23393]: automatic empty zone: 8.E.F.IP6.ARPA
Oct 26 07:30:34 smail named[23393]: automatic empty zone: 9.E.F.IP6.ARPA
Oct 26 07:30:34 smail named[23393]: automatic empty zone: A.E.F.IP6.ARPA
Oct 26 07:30:34 smail named[23393]: automatic empty zone: B.E.F.IP6.ARPA
Oct 26 07:30:34 smail named[23393]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Oct 26 07:30:34 smail named[23393]: command channel listening on 127.0.0.1#953
Oct 26 07:30:34 smail named[23393]: zone 0.in-addr.arpa/IN: loaded serial 1
Oct 26 07:30:34 smail named[23393]: zone 127.in-addr.arpa/IN: loaded serial 1
Oct 26 07:30:34 smail named[23393]: zone 135.20.172.in-addr.arpa/IN: loaded serial 5
Oct 26 07:30:34 smail named[23393]: zone 135.109.192.in-addr.arpa/IN: loaded serial 9
Oct 26 07:30:34 smail named[23393]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 26 07:30:34 smail named[23393]: zone localhost/IN: loaded serial 2
Oct 26 07:30:34 smail named[23393]: managed-keys-zone ./IN: loaded serial 0
Oct 26 07:30:34 smail named[23393]: running
Oct 26 07:30:34 smail named[23393]: zone 135.109.192.in-addr.arpa/IN: sending notifies (serial 9)
Oct 26 07:30:34 smail named[23393]: zone hs-bremerhaven.de/IN: refresh: unexpected rcode (SERVFAIL) from master 127.0.0.1#7777 (source 0.0.0.0#0)
Oct 26 07:30:44 smail named[23393]: client 127.0.0.1#3006: received notify for zone ‘135.20.172.in-addr.arpa’
Oct 26 07:30:44 smail named[23393]: zone 135.20.172.in-addr.arpa/IN: notify from 127.0.0.1#3006: zone is up to date
Oct 26 07:30:44 smail named[23393]: client 127.0.0.1#3006: received notify for zone ‘135.109.192.in-addr.arpa’
Oct 26 07:30:44 smail named[23393]: zone 135.109.192.in-addr.arpa/IN: notify from 127.0.0.1#3006: zone is up to date

Es scheint dort Probleme mit 127.0.0.1 zu geben.
Gruß H. Otten

Ich vermute die Ursache eher hier:

Oct 26 07:30:29 smail named[23378]: zone hs-bremerhaven.de/IN: NS 'studicloud.hs-bremerhaven.de' has no address records (A or AAAA) Oct 26 07:30:29 smail named[23378]: zone hs-bremerhaven.de/IN: not loaded due to errors.