Join script fails 98univention-samba4-saml-kerberos.inst


#1

I am unable to run the last join script. I have read several posts and tried several solutions to no avail. The user-sso not found began after the upgrade to 4.3 from 4.2. there are no rejects and packages are all installed to the best of my knowledge

RUNNING 98univention-samba4-saml-kerberos.inst
2018-03-17 13:55:47.557558436-07:00 (in joinscript_init)
Waiting for user replication...
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
ERROR: User ucs-sso not found
EXITCODE=1

following a different thread I tried to make sure packages are installed

root@ucs1:/home/dmadmin# dpkg -l univention-saml univention-server-master
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                     Version           Architecture      Description
+++-========================-=================-=================-======================================================
ii  univention-saml          5.0.4-17A~4.3.0.2 all               Integrates simpleSAMLphp Identity Provider into UCS
ii  univention-server-master 13.0.0-2A~4.3.0.2 all               UCS - master domain controller
root@ucs1:/home/dmadmin#
ucr get server/role
domaincontroller_master
 univention-ldapsearch uid=ucs-sso dn
# extended LDIF
#
# LDAPv3
# base <dc=sgvfr,dc=lan> (default) with scope subtree
# filter: uid=ucs-sso
# requesting: dn
#

# ucs-sso, users, sgvfr.lan
dn: uid=ucs-sso,cn=users,dc=sgvfr,dc=lan

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

root@ucs1:/home/dmadmin# univention-s4search cn=ucs-sso dn
# Referral
ref: ldap://sgvfr.lan/CN=Configuration,DC=sgvfr,DC=lan

# Referral
ref: ldap://sgvfr.lan/DC=DomainDnsZones,DC=sgvfr,DC=lan

# Referral
ref: ldap://sgvfr.lan/DC=ForestDnsZones,DC=sgvfr,DC=lan

# returned 3 records
# 0 entries
# 3 referrals
root@ucs1:/home/dmadmin# univention-s4connector-list-rejected

UCS rejected


S4 rejected


There may be no rejected DNs if the connector is in progress, to be
sure stop the connector before running this script.


        last synced USN: 22927
root@ucs1:/home/dmadmin#

I"m not sure what else I should look at, any help appreciated.


Upgrading to 4.3 blocked
#2

very odd… running

/usr/share/univention-s4-connector/resync_object_from_ucs.py --filter uid=ucs-sso

and trying the join script again passed… i wonder if it was blocked by other errors i manged to clear from the diagnostics. either way this can be closed.