Domain Join Ubuntu 22.04 - Failed (with updated Join Script)

MCN · November 28, 2022, 12:54pm

Thank you very much once again.

pmhahn:

Next would then be to resolve the host-name from the SRV record to an IP address by doing:

dig +short -p 53 @127.0.0.53 ucs-123.codenauten.intranet. any  # ❓
dig +short -p 53 @192.168.2.1 ucs-123.codenauten.intranet. any  # ❌
dig +short -p 53 @IP.of.your.UCS ucs-1234.codenauten.intranet. any # ✅

I did all three of them (with my UCS number ofc)
The first two of them does return without any information
The last one returned IP.of.my.UCS

Just in case i also tried the older ones from your post before with the +short

dig +short -p 53 @127.0.0.53 _domaincontroller_master._tcp.codenauten.intranet. srv  # ❓
dig +short -p 53 @192.168.2.1 _domaincontroller_master._tcp.codenauten.intranet. srv  # ❌
dig +short -p 53 @IP.of.your.UCS _domaincontroller_master._tcp.codenauten.intranet. srv # ✅

The first and third command return:
0 0 0 ucs-1234.codenauten.intranet.

Second returns nothing

i already wondern about the .con ending.
I changed it to .conf and restarted the service.
I tried to use the GUI. Nope
I tried to use the CLI. Nope

pmhahn:

domain.intranet is your domain name: it’s a hierarchical name-space which allows you (and anybody in the world) to group your devices under a common name. If others are supposed to use that name it must be registered at a public registrar, but as long as you use the name only internally you can mostly use any name you like, but make sure to not shadow any public domain like univention.de or github.com.

ucs-123.domain.intranet is a FQHN of one of your devices , e.g. your UCS server. It splits into the host-name ucs-123 in the domain named domainname.intranet.

sub.domain.tld is yet another name for your UCS server: Any device can have multiple names, e.g. multiple internal and multiple public names. The host does not care if it has multiple names: internally it has a hostname and one or more IP addresses. How they resolve to names is managed by DNS and might also depend on the actual DNS server you ask:

Any public DNS server probably knows nothing about domain.intranet and will not be able to resolve a IP address from a private address range like 192.168.2.X to any name.

Only your UCS server will know about domain.intranet and will be able to resolve its name ucs-1234.domain.intranet to its IP address 192.168.2.X.

So the domain.intranet is the one i need to use whenever Univention refers to “domain name”?
So this one is internal and needed whenever i like to build a bigger/complexer system with multiple Servers (f.e. a Backup server or another Storage server)?
Ok, so this one can be used by external user? For example for the nextcloud UCS app(sub.domain.tld/nextcloud). As this propangated by public DNS.
- I did made a Lets Encrypt certificate at my domain provider. How do i need to integrate this into Apace/UCS in order to be accepted? (At this moment user get the message the page is unsafe [due to the UCS custom certificate], whenever they use either sub.domain.tld or ip)

PS: I really appreciate your support on this issue!