Hello,
At a customer site we have a Windows Server 2012 with AD, and our server connected to it as a member, with ownCloud. Since an update to the latest ownCloud, we unfortunately no longer have an LDAP connection.
UCS Server $.4.14 errata
connector.log
14.07.2017 10:56:27,125 MAIN (------ ): DEBUG_INIT
14.07.2017 10:57:32,192 MAIN (------ ): DEBUG_INIT
14.07.2017 10:58:37,247 MAIN (------ ): DEBUG_INIT
14.07.2017 10:59:42,310 MAIN (------ ): DEBUG_INIT
14.07.2017 11:00:47,339 MAIN (------ ): DEBUG_INIT
14.07.2017 11:01:52,368 MAIN (------ ): DEBUG_INIT
14.07.2017 11:02:57,421 MAIN (------ ): DEBUG_INIT
14.07.2017 11:04:02,487 MAIN (------ ): DEBUG_INIT
14.07.2017 11:05:07,551 MAIN (------ ): DEBUG_INIT
14.07.2017 11:06:12,618 MAIN (------ ): DEBUG_INIT
14.07.2017 11:07:17,665 MAIN (------ ): DEBUG_INIT
14.07.2017 11:08:22,733 MAIN (------ ): DEBUG_INIT
14.07.2017 11:09:27,792 MAIN (------ ): DEBUG_INIT
14.07.2017 11:10:32,843 MAIN (------ ): DEBUG_INIT
14.07.2017 11:11:37,903 MAIN (------ ): DEBUG_INIT
listener.log:
14.07.17 11:12:12.420 LISTENER ( WARN ) : chosen server: UC01RZ03.ppa.local:7389
14.07.17 11:12:12.421 LDAP ( ERROR ) : start_tls: Can’t contact LDAP server
14.07.17 11:12:12.421 LISTENER ( WARN ) : can not connect to LDAP server UC01RZ03.ppa.local:7389
14.07.17 11:12:12.421 LISTENER ( WARN ) : can not connect any server, retrying in 30 seconds
14.07.17 11:12:42.421 LISTENER ( WARN ) : chosen server: UC01RZ03.ppa.local:7389
14.07.17 11:12:42.421 LDAP ( ERROR ) : start_tls: Can’t contact LDAP server
14.07.17 11:12:42.421 LISTENER ( WARN ) : can not connect to LDAP server UC01RZ03.ppa.local:7389
14.07.17 11:12:42.421 LISTENER ( WARN ) : can not connect any server, retrying in 30 seconds
connector-status.log
Warning: Can’t initialize LDAP-Connections, wait…
Warning: Can’t initialize LDAP-Connections, wait…
Warning: Can’t initialize LDAP-Connections, wait…
Warning: Can’t initialize LDAP-Connections, wait…
We have already done the following:
Imported the certificate
http://docs.software-univention.de/manual-4.1.html#ad-connector:general
http://sdb.univention.de/content/6/314/en/reinitialize-active-directory-connector.html
http://sdb.univention.de/content/6/321/en/speed-up-ldap_binds-on-ad-member-mode-systems.html
root@UC01RZ03:~# univention-ldapsearch
ldap_start_tls: Can’t contact LDAP server (-1)
ldap_start_tls: Can’t contact LDAP server (-1)
ldap_start_tls: Can’t contact LDAP server (-1)
ldap_start_tls: Can’t contact LDAP server (-1)
ldap_start_tls: Can’t contact LDAP server (-1)
ldap_start_tls: Can’t contact LDAP server (-1)
ldap_start_tls: Can’t contact LDAP server (-1)
ldap_start_tls: Can’t contact LDAP server (-1)
ldap_start_tls: Can’t contact LDAP server (-1)
^C
root@UC01RZ03:~# univention-run-join-scripts
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright © 2001-2017 Univention GmbH, Germany
Running 01univention-ldap-server-init.inst skipped (already executed)
Running 02univention-directory-notifier.inst skipped (already executed)
Running 03univention-directory-listener.inst skipped (already executed)
Running 04univention-ldap-client.inst skipped (already executed)
Running 05univention-bind.inst skipped (already executed)
Running 08univention-apache.inst skipped (already executed)
Running 10univention-ldap-server.inst skipped (already executed)
Running 11univention-heimdal-init.inst skipped (already executed)
Running 11univention-pam.inst skipped (already executed)
Running 15univention-directory-notifier-post.inst skipped (already executed)
Running 15univention-heimdal-kdc.inst skipped (already executed)
Running 18python-univention-directory-manager.inst skipped (already executed)
Running 20univention-directory-policy.inst skipped (already executed)
Running 20univention-join.inst skipped (already executed)
Running 26univention-nagios-common.inst skipped (already executed)
Running 26univention-samba.inst skipped (already executed)
Running 30univention-appcenter.inst skipped (already executed)
Running 30univention-nagios-client.inst skipped (already executed)
Running 31univention-nagios-ad-connector.inst skipped (already executed)
Running 34univention-management-console-server.inst skipped (already executed)
Running 35univention-appcenter-docker.inst skipped (already executed)
Running 35univention-management-console-module-adconnector.skipped (already executed)
Running 35univention-management-console-module-appcenter.inskipped (already executed)
Running 35univention-management-console-module-diagnostic.iskipped (already executed)
Running 35univention-management-console-module-ipchange.insskipped (already executed)
Running 35univention-management-console-module-join.inst skipped (already executed)
Running 35univention-management-console-module-lib.inst skipped (already executed)
Running 35univention-management-console-module-mrtg.inst skipped (already executed)
Running 35univention-management-console-module-passwordchanskipped (already executed)
Running 35univention-management-console-module-quota.inst skipped (already executed)
Running 35univention-management-console-module-reboot.inst skipped (already executed)
Running 35univention-management-console-module-services.insskipped (already executed)
Running 35univention-management-console-module-setup.inst skipped (already executed)
Running 35univention-management-console-module-sysinfo.instskipped (already executed)
Running 35univention-management-console-module-top.inst skipped (already executed)
Running 35univention-management-console-module-ucr.inst skipped (already executed)
Running 35univention-management-console-module-udm.inst skipped (already executed)
Running 35univention-management-console-module-updater.instskipped (already executed)
Running 36univention-management-console-module-apps.inst skipped (already executed)
Running 40univention-virtual-machine-manager-schema.inst skipped (already executed)
Running 50owncloud82.inst skipped (already executed)
Running 81univention-ad-connector.inst skipped (already executed)
Running 81univention-nfs-server.inst skipped (already executed)
Running 90univention-bind-post.inst skipped (already executed)
Running 91univention-saml.inst skipped (already executed)
Running 92univention-management-console-web-server.inst skipped (already executed)
Running 98univention-pkgdb-tools.inst skipped (already executed)
root@UC01RZ03:~# ucr search --brief connector/ad
connector/ad/autostart: yes
connector/ad/ldap/base: DC=cc,DC=local
connector/ad/ldap/binddn: Administrator
connector/ad/ldap/bindpw: /etc/univention/connector/password
connector/ad/ldap/certificate: /etc/univention/connector/ad/ad_cert_20170714_092416.pem
connector/ad/ldap/host: AD01.cc.local
connector/ad/ldap/kerberos: true
connector/ad/ldap/port: 389
connector/ad/ldap/ssl: yes
connector/ad/listener/dir: /var/lib/univention-connector/ad
connector/ad/mapping/container/ignorelist: mail,kerberos
connector/ad/mapping/group/grouptype: true
connector/ad/mapping/group/ignorelist: Windows Hosts,DC Slave Hosts,DC Backup Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody,Enterprise Domain Controllers,Computers,Remote Interactive Logon,SChannel Authentication,Digest Authentication,Terminal Server User,NTLM Authentication,Other Organization,This Organization,Anonymous Logon,Network Service,Creator Group,Creator Owner,Local Service,Owner Rights,Interactive,Restricted,Network,Service,Dialup,System,Batch,Proxy,IUSR,Self
connector/ad/mapping/group/language: de
connector/ad/mapping/group/primarymail: true
connector/ad/mapping/group/table/Printer-Admins: Druck-Operatoren
connector/ad/mapping/syncmode: read
connector/ad/mapping/user/ignorelist: krbtgt,root,pcpatch
connector/ad/mapping/user/primarymail: true
connector/ad/poll/sleep: 5
connector/ad/retryrejected: 10
root@UC01RZ03:~# host $(ucr get connector/ad/ldap/host)
AD01.cc.local has address 192.168.0.200
What else can we do?