Join after installation of OpenProject gets stuck at Download host certificate

join
ucs-4-2

#1

I installed OpenVPN on UCS 4.2 as described at https://www.univention.de/2017/05/sichere-automatische-samba-authentifizierungen-durch-openvpn/ . Therefore I ran

ucr set ssl/host/objectclass='univentionDomainController, univentionMemberServer, univentionClient, univentionMobileClient, univentionCorporateClient, univentionWindows' and univention-directory-listener-ctrl resync gencertificate.

If I now try to install OpenProject via the CLI (univention-app install openproject), the installation gets stuck at

Download host certificate: …

The join.log does not show any errors, and neither does the listener. Does anyone have an idea what this could be related to?
Thanks


#2

Hi

"Download host certificate: " means that the “joining” host copies the /etc/univention/ssl/$HOSTNAME directory from the UCS Master (scp). Sometimes, I’m not sure why, this directory does not yet have the correct permissions, so that “$HOSTNAME” is not allowed to read these files. Is there such a directory (/etc/univention/ssl/openp*)?

If I install openproject, the listener log looks like:

updating ‘cn=openp-54052695,cn=memberserver,cn=computers,dc=four,dc=two’ command a
23.10.17 12:43:25.375 LISTENER ( PROCESS ) : Generating krb5.keytab for openp-54052695
Creating certificate: openp-54052695.four.two
no certificate for openp-54052695.four.two registered
Generating RSA private key, 2048 bit long modulus

And I have an ssl directory:

lrwxrwxrwx 1 root nogroup 43 Okt 23 12:43 openp-54052695 -> /etc/univention/ssl/openp-54052695.four.two
drwxr-x--- 2 openp-54052695$ DC Backup Hosts 4096 Okt 23 12:43 openp-54052695.four.two

Owner should be the name of the directory plus an extra ‘$’ (this is the uid for the computer account which is created for the app during the join).

best regards,
Felix
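
Added example, not part of the original thread: a small audit script for the UCS master that checks the ownership rule described in post #2 (directory owner is the short host name plus '$', and that owner can read the directory). The function names are hypothetical, and the short name is assumed to be the part of the directory name before the first dot, as in the listing above.

```sh
#!/bin/sh
# Added example (not from the thread): audit host certificate directories
# on the UCS master against the ownership rule described above.

# Expected owner: short host name plus '$'. Assumption: the short name is
# the part of the directory name before the first dot, as in the listing
# (openp-54052695.four.two -> openp-54052695$).
expected_owner() {
    base=${1%/}
    base=${base##*/}
    printf '%s\n' "${base%%.*}\$"
}

# classify DIR OWNER MODE: verdict for one directory, given the owner name
# and octal mode as reported by `stat -c '%U'` and `stat -c '%a'`.
classify() {
    want=$(expected_owner "$1")
    if [ "$2" != "$want" ]; then
        echo "WRONG_OWNER (have '$2', want '$want')"
        return 1
    fi
    # Owner needs read (4) and search (1) on the directory to copy from it.
    owner_bits=$(( (0$3 >> 6) & 7 ))
    if [ $(( owner_bits & 5 )) -ne 5 ]; then
        echo "OWNER_CANNOT_READ (mode $3)"
        return 1
    fi
    echo "OK"
}

# audit DIR...: check each real directory, skipping the short-name symlinks.
audit() {
    rc=0
    for d in "$@"; do
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        owner=$(stat -c '%U' "$d")
        mode=$(stat -c '%a' "$d")
        verdict=$(classify "$d" "$owner" "$mode") || rc=1
        printf '%s: %s\n' "$d" "$verdict"
    done
    return $rc
}

# Typical call on the master: sh audit.sh /etc/univention/ssl/openp*
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

If the glob matches nothing, the script prints nothing, which corresponds to the case where no certificate directory was created for the host at all.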


#3

Thanks for your help, but it seems that the master does not generate the certs at all. For other domain joins of containers it works well, but for openp it does not generate anything.


#4

Can you provide the listener.log of your UCS master server (please make sure that there is no sensitive information in the log file)? During the installation of the app a host account for the app is created and on the master server a listener module should create a corresponding certificate file.