Error on upgrade

Ebrahim_Elsayed · November 30, 2015, 7:24pm

univention-upgrade --ignoressh

Starting univention-upgrade. Current UCS version is 4.0-4 errata364

Checking for local repository: none
Checking for release updates: found: UCS 4.1-0

Do you want to update to 4.1-0 [Y|n]? y

Starting update to UCS version 4.1-0

HINT:
Please check the release notes carefully BEFORE updating to UCS 4.1-0:
English version: docs.software-univention.de/rel … -0-en.html
German version: docs.software-univention.de/rel … -0-de.html

Please also consider documents of following release updates and
3rd party components.

Do you want to continue [Y/n]? y

Checking for space on /var/cache/apt/archives: OK
Checking for space on /boot: OK
Checking for space on /: OK
Checking for package status: OK
Checking LDAP schema: OK
ERROR: A LDAP connection to the configured LDAP servers with the machine
account has failed (invalid credentials)!
This MUST be fixed before the update can continue.

   This problem can be corrected by setting the content of the file
   /etc/machine.secret to the password of the computer object using
   Univention Management Console.

Moritz_Bunkus · December 1, 2015, 8:13am

Please trigger a manual password change on the problematic server before re-running the upgrade. This support database entry lays out how to do that.

Ebrahim_Elsayed · December 1, 2015, 5:16pm

root@dc-mgt-01:~# /usr/lib/univention-server/server_password_change failed to contact LDAP server: cannot connect with univention-ldapsearch root@dc-mgt-01:~# univention-ldapsearch ldap_start_tls: Can't contact LDAP server (-1) ldap_start_tls: Can't contact LDAP server (-1) ldap_start_tls: Can't contact LDAP server (-1) ldap_start_tls: Can't contact LDAP server (-1) ldap_start_tls: Can't contact LDAP server (-1) ldap_start_tls: Can't contact LDAP server (-1) ldap_start_tls: Can't contact LDAP server (-1) ldap_start_tls: Can't contact LDAP server (-1) ldap_start_tls: Can't contact LDAP server (-1) ldap_start_tls: Can't contact LDAP server (-1) ldap_start_tls: Can't contact LDAP server (-1) root@dc-mgt-01:~#

Ebrahim_Elsayed · December 2, 2015, 12:23am

i’m fix this problem , but i have other problem

tail -f /var/log/univention/join.log /usr/share/univention-directory-manager-tools/univention-dnsedit: timeout while trying to contact LDAP server /usr/share/univention-directory-manager-tools/univention-dnsedit: timeout while trying to contact LDAP server /usr/share/univention-directory-manager-tools/univention-dnsedit: timeout while trying to contact LDAP server /usr/share/univention-directory-manager-tools/univention-dnsedit: timeout while trying to contact LDAP server /usr/share/univention-directory-manager-tools/univention-dnsedit: timeout while trying to contact LDAP server /usr/share/univention-directory-manager-tools/univention-dnsedit: timeout while trying to contact LDAP server

ldapmodify SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (open(/tmp/krb5cc_0): No such file or directory)

Ebrahim_Elsayed · December 2, 2015, 1:14am

[code]ldap.INVALID_CREDENTIALS: {‘desc’: ‘Invalid credentials’}
Restarting Name Service Cache Daemon: nscd.
setfacl: Option -m: Invalid argument near character 3
Error: Could not set fACL for /var/lib/samba/sysvol
EXITCODE=2
RUNNING 97univention-s4-connector.inst
2015-12-02 03:13:11.229344481+02:00 (in joinscript_init)
Traceback (most recent call last):
File “”, line 4, in
File “/usr/lib/pymodules/python2.7/univention/lib/admember.py”, line 133, in is_domain_in_admember_mode
lo = univention.uldap.getMachineConnection()
File “/usr/lib/pymodules/python2.7/univention/uldap.py”, line 101, in getMachineConnection
lo=access(host=ucr[‘ldap/master’], port=port, base=ucr[‘ldap/base’], binddn=ucr[‘ldap/hostdn’], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File “/usr/lib/pymodules/python2.7/univention/uldap.py”, line 177, in init
self.__open(ca_certfile)
File “/usr/lib/pymodules/python2.7/univention/uldap.py”, line 219, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 860, in _apply_method_s
return func(self,*args,**kwargs)
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {‘desc’: ‘Invalid credentials’}
Not updating connector/s4/ldap/host
Not updating connector/s4/ldap/base
Not updating connector/s4/ldap/ssl
Not updating connector/s4/mapping/group/language
Not updating connector/s4/ldap/protocol
Not updating connector/s4/ldap/socket
authentication error: Authentication failed
EXITCODE=3

Wed Dec 2 03:13:12 EET 2015
univention-run-join-scripts finished

/usr/share/univention-directory-manager-tools/univention-dnsedit: timeout while trying to contact LDAP server[/code]

Moritz_Bunkus · December 3, 2015, 12:38pm

Is this the DC master you’re running the upgrade on?

Can you search the LDAP directory by running “univention-ldapsearch” on the DC master? If not, is the LDAP server running (process “slapd”, listening on port 7389)? If not try to start it.