Join as replica server fails

tmx · March 6, 2023, 3:09am

Hi

I try to join a UCS 5.03 to a UCS 5.03 domain server.
This fails, with error: Exception occurred: {‘desc’: ‘Connect error’, ‘errno’: 2, ‘info’: ‘No such file or directory’}

The script waits some minutes at univention-scp command.

I have checked all of Requirements for a successful join into the UCS domain.
ssh login works, all ports are open between the systems.

On the domain server, there is no “udsCA” directory.

+ test -x /usr/sbin/nscd
+ nscd -i hosts
+ copy_ca_cert
+ local ca dst=/etc/univention/ssl/ucsCA
+ rm -rf /etc/univention/ssl/ucsCA
+ install -m 0755 -d /etc/univention/ssl/ucsCA
+ for ca in ucsCA udsCA
+ '[' -e /etc/univention/ssl/ucsCA/CAcert.pem ']'
+ univention-scp /tmp/tmp.JVFCYn6eNy/dcpwd -q Administrator@system1.domain.ch:/etc/univention/ssl/ucsCA/CAcert.pem /etc/univention/ssl/ucsCA/CAcert.pem
+ for ca in ucsCA udsCA
+ '[' -e /etc/univention/ssl/ucsCA/CAcert.pem ']'
+ univention-scp /tmp/tmp.JVFCYn6eNy/dcpwd -q Administrator@system1.domain.ch:/etc/univention/ssl/udsCA/CAcert.pem /etc/univention/ssl/ucsCA/CAcert.pem
scp: /etc/univention/ssl/udsCA/CAcert.pem: No such file or directory
+ grep -q '^TLS_CACERT' /etc/ldap/ldap.conf
+ echo -n 'Running pre-join hook(s): '
+ run_join_hook join/pre-join
+ local hooktype
+ hooktype=join/pre-join
+ local master
+ local output
+ local rc
+ '[' -n system1.domain.ch ']'
+ master=system1.domain.ch
+ local j_binddn=uid=Administrator,cn=users,dc=domain,dc=ch
+ local j_bindpwdfile=/tmp/tmp.JVFCYn6eNy/dcpwd
++ ucr get server/role
+ '[' domaincontroller_master = domaincontroller_slave ']'
+ /usr/share/univention-join/univention-join-hooks --server-role domaincontroller_slave --hooktype join/pre-join --master system1.domain.ch --binddn uid=Administrator,cn=users,dc=domain,dc=ch --bindpwdfile /tmp/tmp.JVFCYn6eNy/dcpwd
univention-join-hooks: looking for hook type "join/pre-join" on system1.domain.ch
Exception occurred: {'desc': 'Connect error', 'errno': 2, 'info': 'No such file or directory'}

pixel · March 6, 2023, 10:06am

Are you talking about the join during the installation of the replica?

I had the same problem. The following procedure worked for me:

Install Replika and join (without updating!).
Restart
System diagnostics → Execute pending scripts
Restart
Update

Hope this helps.

with best
sven

tmx · March 6, 2023, 12:37pm

Hi

Thanks for your help.

Yes, i tried first with “Domänenbeitritt am Ende der Installation starten”.
This ends with Error 502 after ~10 minutes.
Second try was without this option, started join script on console after reboot.

Now i have installed again. But i have no option to not updating during installation.
Maybe the ESXi image had this option. But this image is not installable.
I used the ISO instead and created a VM manually.
Result is the same. No success, timeout after some minutes.

best regards
Thomas

tmx · March 9, 2023, 9:27am

Looks like there is no way to successfully run this join scripts at the moment.
The verbose logs contain no information to help. It blocks at univention-scp.

Are there other ways to create a replication node?
Can i just copy the content of /var/lib/ldap to the target with a cron job?