Join-Skripte nach UCS-AD-DC-Installation

german

#1

Hallo,

nach einer Installation der UCS-App “Active Directory-kompatibler Domänencontroller” auf einem Backup-DC habe ich folgendes Problem mit den Join-Skripten:

96univention-samba4.inst
98univention-samba4-dns

[code]RUNNING 01univention-ldap-server-init.inst
EXITCODE=already_executed
RUNNING 02univention-directory-notifier.inst
EXITCODE=already_executed
RUNNING 03univention-directory-listener.inst
EXITCODE=already_executed
RUNNING 04univention-ldap-client.inst
EXITCODE=already_executed
RUNNING 05univention-bind.inst
EXITCODE=already_executed
RUNNING 08univention-apache.inst
EXITCODE=already_executed
RUNNING 10univention-ldap-server.inst
EXITCODE=already_executed
RUNNING 11univention-heimdal-init.inst
EXITCODE=already_executed
RUNNING 11univention-pam.inst
EXITCODE=already_executed
RUNNING 15univention-directory-notifier-post.inst
EXITCODE=already_executed
RUNNING 15univention-heimdal-kdc.inst
EXITCODE=already_executed
RUNNING 18python-univention-directory-manager.inst
EXITCODE=already_executed
RUNNING 20univention-directory-policy.inst
EXITCODE=already_executed
RUNNING 20univention-join.inst
EXITCODE=already_executed
RUNNING 26univention-nagios-common.inst
EXITCODE=already_executed
RUNNING 30univention-appcenter.inst
EXITCODE=already_executed
RUNNING 30univention-nagios-client.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-s4-connector.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-samba.inst
EXITCODE=already_executed
RUNNING 34univention-management-console-server.inst
EXITCODE=already_executed
RUNNING 35univention-appcenter-docker.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-appcenter.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-diagnostic.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ipchange.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-join.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-lib.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-mrtg.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-passwordchange.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-quota.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-reboot.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-services.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-setup.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-sysinfo.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-top.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ucr.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-udm.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-updater.inst
EXITCODE=already_executed
RUNNING 36univention-management-console-module-apps.inst
EXITCODE=already_executed
RUNNING 40univention-virtual-machine-manager-schema.inst
EXITCODE=already_executed
RUNNING 81univention-nfs-server.inst
EXITCODE=already_executed
RUNNING 90univention-bind-post.inst
EXITCODE=already_executed
RUNNING 91univention-saml.inst
EXITCODE=already_executed
RUNNING 92univention-management-console-web-server.inst
EXITCODE=already_executed
RUNNING 96univention-samba4.inst
2016-10-04 13:43:48.288670241+02:00 (in joinscript_init)
Not updating samba4/role
Multifile: /etc/samba/smb.conf
Object exists: cn=Builtin,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to hosts, value exists
No modification: cn=Enterprise Domain Controllers,cn=groups,dc=firma,dc=at
Stopping Samba AD DC daemon: samba.
Samba is configured as AD DC, service smbd is controlled by the main samba daemon.
Stopping NetBIOS name server: nmbd.
Setting kerberos/kdc
Setting kerberos/kpasswdserver
File: /etc/krb5.conf
Setting slapd/port
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Setting slapd/port/ldaps
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Restarting ldap server(s).
Stopping ldap server(s): slapd …done.
Starting ldap server(s): slapd …done.
dsdb_get_schema: refresh_fn() failed
schema_load_init: dsdb_get_schema failed
module schema_load initialization failed : Operations error
module rootdse initialization failed : Operations error
module samba_dsdb initialization failed : Operations error
Unable to load modules for /var/lib/samba/private/sam.ldb: schema_load_init: dsdb_get_schema failed
Failed to connect to /var/lib/samba/private/sam.ldb - schema_load_init: dsdb_get_schema failed
extract_rIDNextRID: Attribute rIDSetReferences not found
Not updating windows/wins-support
Forest : firma.at
Domain : firma.at
Netbios domain : FIRMA
DC name : pdc.firma.at
DC netbios name : PDC
Server site : Default-First-Site-Name
Client site : Default-First-Site-Name
Finding a writeable DC for domain ‘firma.at’
Found DC pdc.firma.at
workgroup is FIRMA
realm is firma.at
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Schema-DN[CN=Schema,CN=Configuration,DC=firma,DC=at] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=firma,DC=at] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=firma,DC=at] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=firma,DC=at] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=firma,DC=at] objects[402/1618] linked_values[0/0]
Partition[CN=Configuration,DC=firma,DC=at] objects[804/1618] linked_values[0/0]
Partition[CN=Configuration,DC=firma,DC=at] objects[1206/1618] linked_values[0/0]
Partition[CN=Configuration,DC=firma,DC=at] objects[1608/1618] linked_values[0/0]
Partition[CN=Configuration,DC=firma,DC=at] objects[1618/1618] linked_values[28/0]
Partition[DC=firma,DC=at] objects[98/98] linked_values[46/0]
Partition[DC=firma,DC=at] objects[500/574] linked_values[0/0]
Failed to apply records: …/ldb_tdb/ldb_index.c:1216: Failed to re-index objectGUID in CN=Authenticated Users\0ACNF:fd4472e0-bdd0-456f-9e64-9a6ba7f074c7,CN=Groups,DC=firma,DC=at - …/ldb_tdb/ldb_index.c:1148: unique index violation on objectGUID in CN=Authenticated Users\0ACNF:fd4472e0-bdd0-456f-9e64-9a6ba7f074c7,CN=Groups,DC=firma,DC=at: Entry already exists
Failed to commit objects: WERR_GENERAL_FAILURE
ERROR(<type ‘exceptions.TypeError’>): uncaught exception - Failed to process chunk: NT_STATUS_UNSUCCESSFUL
File “/usr/lib/python2.7/dist-packages/samba/netcmd/init.py”, line 175, in _run
return self.run(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py”, line 628, in run
keep_existing=keep_existing)
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1177, in join_DC
ctx.do_join()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1082, in do_join
ctx.join_replicate()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 835, in join_replicate
replica_flags=ctx.domain_replica_flags)
File “/usr/lib/python2.7/dist-packages/samba/drs_utils.py”, line 257, in replicate
schema=schema, req_level=req_level, req=req)
checking sAMAccountName
Adding CN=BDC,OU=Domain Controllers,DC=firma,DC=at
Adding CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=firma,DC=at
Adding CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=firma,DC=at
Adding SPNs to CN=BDC,OU=Domain Controllers,DC=firma,DC=at
Setting account password for BDC$
Enabling account
Calling bare provision
Provision OK for domain DN DC=firma,DC=at
Starting replication
Replicating critical objects from the base DN of the domain
Join failed - cleaning up
checking sAMAccountName
removing samaccount: CN=BDC,OU=Domain Controllers,DC=firma,DC=at
Deleted CN=BDC,OU=Domain Controllers,DC=firma,DC=at
Deleted CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=firma,DC=at
Deleted CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=firma,DC=at
Failed to join the domain firma.at.
EXITCODE=1
RUNNING 97univention-s4-connector.inst
EXITCODE=already_executed
RUNNING 98univention-pkgdb-tools.inst
EXITCODE=already_executed
RUNNING 98univention-samba4-dns.inst
2016-10-04 13:44:09.116587859+02:00 (in joinscript_init)
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.
EXITCODE=1

Die Okt 4 13:44:09 CEST 2016
univention-run-join-scripts finished
[/code]

Es gibt einen Master-DC, der bereits AD-DC ist.
Die UCS-Version ist 4.1-3

Woran könnte es hier scheitern?

LG,
Roland.


#2

Moin,

bevor wir lange nach der Ursache forschen — haben Sie schon versucht, den DC Backup schlicht komplett neu zu joinen? Dabei zieht er sich ja eine komplett neue Kopie vom LDAP, was solche Probleme verhindern könnte.

Gruß,
mosu


#3

Nein, gute Idee - hatte ich zunächst nicht probiert. Scheint aber leider genau das gleiche Problem aufzuwerfen:

Teil 1:

Wed Oct  5 11:39:05 CEST 2016: starting /usr/sbin/univention-join 
running version check
OK: UCS version on pdc.firma.at is higher or equal (4.13) to the local version (4.13).
Stopping univention-s4-connector daemon.
failed.
Stopping ldap server(s): slapd ...done.
Stopping Samba AD DC daemon: samba.
Samba is configured as AD DC, service smbd is controlled by the main samba daemon.
Stopping NetBIOS name server: nmbd.
Starting ldap server(s): slapd ...done.
Wed Oct  5 11:39:27 CEST 2016
univention-server-join: joins a server to an univention domain
copyright (c) 2001-2016 Univention GmbH, Germany

ldap_dn="cn=bdc,cn=dc,cn=computers,dc=firma,dc=at" 
Setting ldap/hostdn
File: /etc/pam.d/smtp
Multifile: /etc/simplesamlphp/authsources.php
File: /etc/pam_ldap.conf
File: /etc/runit/univention-directory-listener/run
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.saslusermapping
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/cron.d/univention-directory-policy
Multifile: /etc/postfix/ldap.virtualwithcanonical
Multifile: /etc/postfix/ldap.sharedfolderremote
Multifile: /etc/postfix/ldap.canonicalsender
ok: down: univention-directory-notifier: 0s
ok: down: univention-directory-listener: 0s
Setting ldap/server/name
Setting ldap/server/ip
Not updating ldap/server/port
Setting ldap/master
Not updating ldap/master/port
Setting ldap/server/type
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/simplesamlphp/authsources.php
File: /etc/pam_ldap.conf
File: /etc/krb5.conf
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.saslusermapping
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/init.d/slapd
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Multifile: /etc/postfix/ldap.virtualwithcanonical
Multifile: /etc/postfix/ldap.sharedfolderremote
File: /etc/ntp.conf
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/ldap/ldap.conf
Could not chdir to home directory /dev/null: Not a directory
Could not chdir to home directory /dev/null: Not a directory
Setting ssl/country
Setting ssl/state
Setting ssl/locality
Setting ssl/organization
Setting ssl/organizationalunit
Setting ssl/common
Setting ssl/email
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Not updating ldap/server/name
Not updating ldap/master
Setting kerberos/realm
File: /var/lib/samba/private/krb5.conf
File: /etc/samba/base.conf
File: /etc/krb5.conf
Multifile: /etc/samba/smb.conf
File: /etc/heimdal-kdc/kdc.conf
Setting windows/domain
File: /etc/logrotate.d/winbind
File: /etc/krb5.conf
Multifile: /etc/samba/smb.conf
File: /etc/logrotate.d/univention-samba4
Setting dns/forwarder1
File: /etc/bind/named.conf.proxy
File: /etc/bind/named.conf.samba4
Setting dns/forwarder2
File: /etc/bind/named.conf.proxy
File: /etc/bind/named.conf.samba4
Setting dns/forwarder3
File: /etc/bind/named.conf.proxy
File: /etc/bind/named.conf.samba4
Configure 01univention-ldap-server-init.inst Wed Oct  5 11:39:56 CEST 2016
2016-10-05 11:39:56.122566993+02:00 (in joinscript_init)

WARNING!
Check file permissions!

Multifile: /etc/ldap/slapd.conf
Starting ldap server(s): slapd ...done.
2016-10-05 11:40:07.361311261+02:00 (in joinscript_save_current_version)
Configure 02univention-directory-notifier.inst Wed Oct  5 11:40:07 CEST 2016
2016-10-05 11:40:07.384520274+02:00 (in joinscript_init)
Starting Univention Directory Notifier daemon.
ok: run: univention-directory-notifier: (pid 12722) 0s, normally down
done.
2016-10-05 11:40:07.842371177+02:00 (in joinscript_save_current_version)
Configure 03univention-directory-listener.inst Wed Oct  5 11:40:07 CEST 2016
2016-10-05 11:40:07.861602839+02:00 (in joinscript_init)
Setting ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
05.10.16 11:40:08.576  DEBUG_INIT
UNIVENTION_DEBUG_BEGIN  : uldap.__open host=pdc.firma.at port=7389 base=dc=firma,dc=at
UNIVENTION_DEBUG_END    : uldap.__open host=pdc.firma.at port=7389 base=dc=firma,dc=at
05.10.16 11:40:10.797  LISTENER    ( WARN    ) : handler: replication (not ready) (ignore)
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
05.10.16 11:40:12.184  LISTENER    ( WARN    ) : handler: s4-connector (not ready) (ignore)
05.10.16 11:40:12.185  LISTENER    ( WARN    ) : handler: faillog (not ready) (ignore)
05.10.16 11:40:12.186  LISTENER    ( WARN    ) : Set Schema ID to 23
05.10.16 11:40:12.186  LISTENER    ( WARN    ) : initializing module replication
File: /var/lib/univention-ldap/ldap/DB_CONFIG
slapd: Kein Prozess gefunden
File: /var/lib/univention-ldap/ldap/DB_CONFIG
Starting ldap server(s): slapd ...done.
Restarting ldap server(s).
Stopping ldap server(s): slapd ...retry #1....done.
Starting ldap server(s): slapd ...done.
05.10.16 11:40:43.993  LISTENER    ( WARN    ) : finished initializing module replication with rv=0
05.10.16 11:40:43.993  LISTENER    ( WARN    ) : initializing module samba-shares
05.10.16 11:40:44.096  LISTENER    ( WARN    ) : finished initializing module samba-shares with rv=0
05.10.16 11:40:44.096  LISTENER    ( WARN    ) : initializing module univention-saml-servers
Restarting univention-saml.
Stopping univention-saml.
Stopping memcached: memcached_univention_saml.
Stopping SSL tunnels: /etc/stunnel/univention_saml.conf: stopped
done.
Starting univention-saml.
Starting memcached: memcached_univention_saml.
Starting SSL tunnels: /etc/stunnel/univention_saml.conf: started
done.
done.
Restarting univention-saml.
Stopping univention-saml.
Stopping memcached: memcached_univention_saml.
Stopping SSL tunnels: /etc/stunnel/univention_saml.conf: stopped
done.
Starting univention-saml.
Starting memcached: memcached_univention_saml.
Starting SSL tunnels: /etc/stunnel/univention_saml.conf: started
done.
done.
05.10.16 11:40:52.164  LISTENER    ( WARN    ) : finished initializing module univention-saml-servers with rv=0
05.10.16 11:40:52.164  LISTENER    ( WARN    ) : initializing module udm_extension
05.10.16 11:40:57.833  LISTENER    ( WARN    ) : finished initializing module udm_extension with rv=0
05.10.16 11:40:57.833  LISTENER    ( WARN    ) : initializing module keytab
05.10.16 11:40:57.906  LISTENER    ( WARN    ) : finished initializing module keytab with rv=0
05.10.16 11:40:57.906  LISTENER    ( WARN    ) : initializing module gencertificate
05.10.16 11:40:57.963  LISTENER    ( WARN    ) : finished initializing module gencertificate with rv=0
05.10.16 11:40:57.963  LISTENER    ( WARN    ) : initializing module s4-connector
05.10.16 11:40:58.395  LISTENER    ( WARN    ) : finished initializing module s4-connector with rv=0
05.10.16 11:40:58.395  LISTENER    ( WARN    ) : initializing module univention-saml-simplesamlphp-configuration
05.10.16 11:40:59.795  LISTENER    ( WARN    ) : finished initializing module univention-saml-simplesamlphp-configuration with rv=0
05.10.16 11:40:59.795  LISTENER    ( WARN    ) : initializing module quota
UNIVENTION_DEBUG_BEGIN  : uldap.__open host=bdc.firma.at port=7389 base=dc=firma,dc=at
UNIVENTION_DEBUG_END    : uldap.__open host=bdc.firma.at port=7389 base=dc=firma,dc=at
UNIVENTION_DEBUG_BEGIN  : uldap.__open host=bdc.firma.at port=7389 base=dc=firma,dc=at
UNIVENTION_DEBUG_END    : uldap.__open host=bdc.firma.at port=7389 base=dc=firma,dc=at
UNIVENTION_DEBUG_BEGIN  : uldap.__open host=bdc.firma.at port=7389 base=dc=firma,dc=at
UNIVENTION_DEBUG_END    : uldap.__open host=bdc.firma.at port=7389 base=dc=firma,dc=at
05.10.16 11:40:59.952  LISTENER    ( WARN    ) : finished initializing module quota with rv=0
05.10.16 11:40:59.952  LISTENER    ( WARN    ) : initializing module ldap_server
05.10.16 11:41:00.608  LISTENER    ( WARN    ) : finished initializing module ldap_server with rv=0
05.10.16 11:41:00.608  LISTENER    ( WARN    ) : initializing module hosteddomains
05.10.16 11:41:00.678  LISTENER    ( WARN    ) : finished initializing module hosteddomains with rv=0
05.10.16 11:41:00.678  LISTENER    ( WARN    ) : initializing module nfs-homes
05.10.16 11:41:00.751  LISTENER    ( WARN    ) : finished initializing module nfs-homes with rv=0
05.10.16 11:41:00.751  LISTENER    ( WARN    ) : initializing module well-known-sid-name-mapping
05.10.16 11:41:00.894  LISTENER    ( PROCESS ) : well-known-sid-name-mapping: ucr set groups/default/replicator=Replicators
05.10.16 11:41:02.157  LISTENER    ( PROCESS ) : well-known-sid-name-mapping: ucr set groups/default/printoperators=Printer-Admins
05.10.16 11:41:03.343  LISTENER    ( PROCESS ) : well-known-sid-name-mapping: ucr set groups/default/serveroperators=System Operators
05.10.16 11:41:04.610  LISTENER    ( WARN    ) : finished initializing module well-known-sid-name-mapping with rv=0
05.10.16 11:41:04.610  LISTENER    ( WARN    ) : initializing module faillog
05.10.16 11:41:04.693  LISTENER    ( WARN    ) : finished initializing module faillog with rv=0
05.10.16 11:41:04.693  LISTENER    ( WARN    ) : initializing module bind
05.10.16 11:41:04.833  LISTENER    ( WARN    ) : finished initializing module bind with rv=0
05.10.16 11:41:04.833  LISTENER    ( WARN    ) : initializing module nss
05.10.16 11:41:04.896  LISTENER    ( WARN    ) : finished initializing module nss with rv=0
05.10.16 11:41:04.896  LISTENER    ( WARN    ) : initializing module nscd_update
05.10.16 11:41:04.958  LISTENER    ( WARN    ) : finished initializing module nscd_update with rv=0
05.10.16 11:41:04.958  LISTENER    ( WARN    ) : initializing module nfs-shares
05.10.16 11:41:05.025  LISTENER    ( WARN    ) : finished initializing module nfs-shares with rv=0
05.10.16 11:41:05.025  LISTENER    ( WARN    ) : initializing module keytab-member
05.10.16 11:41:05.077  LISTENER    ( WARN    ) : finished initializing module keytab-member with rv=0
05.10.16 11:41:05.077  LISTENER    ( WARN    ) : initializing module samba4-idmap
05.10.16 11:41:07.887  LISTENER    ( WARN    ) : finished initializing module samba4-idmap with rv=0
05.10.16 11:41:07.887  LISTENER    ( WARN    ) : initializing module umc-service-providers
05.10.16 11:41:08.476  LISTENER    ( WARN    ) : finished initializing module umc-service-providers with rv=0
05.10.16 11:41:08.476  LISTENER    ( WARN    ) : initializing module nagios-client
05.10.16 11:41:08.666  LISTENER    ( WARN    ) : finished initializing module nagios-client with rv=0
05.10.16 11:41:08.666  LISTENER    ( WARN    ) : initializing module license_uuid
W: The config registry variable 'uuid/license' does not exist
05.10.16 11:41:08.833  LISTENER    ( WARN    ) : finished initializing module license_uuid with rv=0
05.10.16 11:41:08.833  LISTENER    ( WARN    ) : initializing module pkgdb-watch
05.10.16 11:41:08.890  LISTENER    ( WARN    ) : finished initializing module pkgdb-watch with rv=0
05.10.16 11:41:08.890  LISTENER    ( WARN    ) : initializing module ldap_extension
05.10.16 11:41:11.858  LISTENER    ( WARN    ) : finished initializing module ldap_extension with rv=0
Reloading /etc/samba/smb.conf: smbd.
rndc: 'reload' failed: bad zone
zone refresh queued
zone refresh queued
zone refresh queued
zone refresh queued
zone refresh queued
zone refresh queued
zone refresh queued
zone refresh queued
zone refresh queued
rndc: 'reload' failed: bad zone
zone refresh queued
zone refresh queued
rndc: 'reload' failed: bad zone
zone refresh queued
rndc: 'reload' failed: bad zone
zone refresh queued
zone refresh queued
zone refresh queued
zone refresh queued
zone refresh queued
rndc: 'reload' failed: bad zone
zone refresh queued
zone refresh queued
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
zone refresh queued
zone refresh queued
zone refresh queued
zone refresh queued
zone refresh queued
zone refresh queued
zone refresh queued
rndc: 'reload' failed: bad zone
zone refresh queued
zone refresh queued
zone refresh queued
rndc: 'reload' failed: bad zone
05.10.16 11:41:12.197  LISTENER    ( WARN    ) : DNS: 13258="rndc -p 55555 reload 33.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:12.197  LISTENER    ( WARN    ) : DNS: 13260="rndc -p 55555 reload 10.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:12.197  LISTENER    ( WARN    ) : DNS: 13264="rndc -p 55555 reload 20.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:12.197  LISTENER    ( WARN    ) : DNS: 13266="rndc -p 55555 reload 10.in-addr.arpa" exited with 1
05.10.16 11:41:12.197  LISTENER    ( WARN    ) : DNS: 13275="rndc -p 55555 reload 106.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:12.197  LISTENER    ( WARN    ) : DNS: 13277="rndc -p 55555 reload 37.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:12.197  LISTENER    ( WARN    ) : DNS: 13288="rndc -p 55555 reload 25.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:12.197  LISTENER    ( WARN    ) : DNS: 13295="rndc -p 55555 reload 18.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:12.198  LISTENER    ( WARN    ) : DNS: 13308="rndc -p 55555 reload 12.168.192.in-addr.arpa" exited with 1
zone refresh queued
rndc: 'reload' failed: bad zone
zone refresh queued
zone refresh queued
zone refresh queued
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
rndc: 'reload' failed: bad zone
05.10.16 11:41:13.199  LISTENER    ( WARN    ) : DNS: 13301="rndc -p 55555 reload 13.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.199  LISTENER    ( WARN    ) : DNS: 13310="rndc -p 55555 reload 24.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.199  LISTENER    ( WARN    ) : DNS: 13312="rndc -p 55555 reload 11.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.199  LISTENER    ( WARN    ) : DNS: 13320="rndc -p 55555 reload werk2.firma.at" exited with 1
05.10.16 11:41:13.199  LISTENER    ( WARN    ) : DNS: 13332="rndc -p 55555 reload 50.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.199  LISTENER    ( WARN    ) : DNS: 13334="rndc -p 55555 reload firma.at" exited with 1
05.10.16 11:41:13.199  LISTENER    ( WARN    ) : DNS: 13336="rndc -p 55555 reload 31.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.199  LISTENER    ( WARN    ) : DNS: 13348="rndc -p 55555 reload 102.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.199  LISTENER    ( WARN    ) : DNS: 13350="rndc -p 55555 reload 32.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.199  LISTENER    ( WARN    ) : DNS: 13355="rndc -p 55555 reload 40.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.199  LISTENER    ( WARN    ) : DNS: 13361="rndc -p 55555 reload 23.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.199  LISTENER    ( WARN    ) : DNS: 13379="rndc -p 55555 reload 113.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.200  LISTENER    ( WARN    ) : DNS: 13381="rndc -p 55555 reload 38.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.200  LISTENER    ( WARN    ) : DNS: 13383="rndc -p 55555 reload werk4.firma.at" exited with 1
05.10.16 11:41:13.200  LISTENER    ( WARN    ) : DNS: 13387="rndc -p 55555 reload 99.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.200  LISTENER    ( WARN    ) : DNS: 13389="rndc -p 55555 reload 52.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.200  LISTENER    ( WARN    ) : DNS: 13398="rndc -p 55555 reload 36.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.200  LISTENER    ( WARN    ) : DNS: 13411="rndc -p 55555 reload 110.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.200  LISTENER    ( WARN    ) : DNS: 13415="rndc -p 55555 reload 17.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.200  LISTENER    ( WARN    ) : DNS: 13422="rndc -p 55555 reload werk3.firma.at" exited with 1
05.10.16 11:41:13.200  LISTENER    ( WARN    ) : DNS: 13431="rndc -p 55555 reload 100.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.200  LISTENER    ( WARN    ) : DNS: 13433="rndc -p 55555 reload 35.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.200  LISTENER    ( WARN    ) : DNS: 13441="rndc -p 55555 reload 105.168.192.in-addr.arpa" exited with 1
05.10.16 11:41:13.200  LISTENER    ( WARN    ) : DNS: 13443="rndc -p 55555 reload soederhamn.firma.at" exited with 1
12875
Initiating graceful reload of ldap server(s).
Sending HUP to ldap server(s): slapd ...retry #1....retry #2....done.
Starting ldap server(s): slapd ...done.
Stopping nagios-nrpe: nagios-nrpe.
Starting nagios-nrpe: nagios-nrpe.
13497
05.10.16 11:41:45.614  LISTENER    ( PROCESS ) : ldap_extension: Reloading LDAP server.
Initiating graceful reload of ldap server(s).
Sending HUP to ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Setting ucs/server/saml-idp-server/pdc.firma.at
File: /etc/stunnel/univention_saml.conf
File: /etc/simplesamlphp/config.php
Setting ucs/server/saml-idp-server/bdc.firma.at
File: /etc/stunnel/univention_saml.conf
File: /etc/simplesamlphp/config.php
Setting ldap/master
Setting kerberos/adminserver
File: /etc/ntp.conf
File: /etc/krb5.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Setting groups/default/replicator
File: /etc/security/access-sudo.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/security/access-ftp.conf
File: /etc/security/access-kscreensaver.conf
File: /etc/security/access-passwd.conf
File: /etc/security/access-su.conf
File: /etc/security/access-chfn.conf
File: /etc/security/access-cron.conf
File: /etc/security/access-kdm.conf
File: /etc/security/access-rsh.conf
File: /etc/security/access-chsh.conf
File: /etc/security/access-kcheckpass.conf
File: /etc/security/access-kde.conf
File: /etc/security/access-ppp.conf
File: /etc/security/access-rlogin.conf
File: /etc/security/access-screen.conf
File: /etc/security/access-login.conf
File: /etc/security/access-gdm.conf
File: /etc/security/access-sshd.conf
File: /etc/security/access-other.conf
File: /etc/security/limits.conf
Setting groups/default/printoperators
File: /etc/security/access-sudo.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/security/access-ftp.conf
File: /etc/security/access-kscreensaver.conf
File: /etc/security/access-passwd.conf
File: /etc/security/access-su.conf
File: /etc/security/access-chfn.conf
File: /etc/security/access-cron.conf
File: /etc/security/access-kdm.conf
File: /etc/security/access-rsh.conf
File: /etc/security/access-chsh.conf
File: /etc/security/access-kcheckpass.conf
File: /etc/security/access-kde.conf
File: /etc/security/access-ppp.conf
File: /etc/security/access-rlogin.conf
File: /etc/security/access-screen.conf
File: /etc/security/access-login.conf
File: /etc/security/access-gdm.conf
File: /etc/security/access-sshd.conf
File: /etc/security/access-other.conf
File: /etc/security/limits.conf
Setting groups/default/serveroperators
File: /etc/security/access-sudo.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/security/access-ftp.conf
File: /etc/security/access-kscreensaver.conf
File: /etc/security/access-passwd.conf
File: /etc/security/access-su.conf
File: /etc/security/access-chfn.conf
File: /etc/security/access-cron.conf
File: /etc/security/access-kdm.conf
File: /etc/security/access-rsh.conf
File: /etc/security/access-chsh.conf
File: /etc/security/access-kcheckpass.conf
File: /etc/security/access-kde.conf
File: /etc/security/access-ppp.conf
File: /etc/security/access-rlogin.conf
File: /etc/security/access-screen.conf
File: /etc/security/access-login.conf
File: /etc/security/access-gdm.conf
File: /etc/security/access-sshd.conf
File: /etc/security/access-other.conf
File: /etc/security/limits.conf
Setting umc/saml/trusted/sp/pdc.firma.at
File: /etc/ldap/sasl2/slapd.conf
Setting umc/saml/trusted/sp/bdc.firma.at
File: /etc/ldap/sasl2/slapd.conf
Setting license/base
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Setting ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Starting univention-directory-listener daemon.
done.
2016-10-05 11:42:01.341369924+02:00 (in joinscript_save_current_version)
Configure 04univention-ldap-client.inst Wed Oct  5 11:42:02 CEST 2016
2016-10-05 11:42:02.530037179+02:00 (in joinscript_init)
Setting nsswitch/ldap
File: /etc/nsswitch.conf
Restarting Name Service Cache Daemon: nscd.
2016-10-05 11:42:02.965229834+02:00 (in joinscript_save_current_version)
Configure 05univention-bind.inst Wed Oct  5 11:42:02 CEST 2016
2016-10-05 11:42:02.983601070+02:00 (in joinscript_init)
wait for named ?
wait for named ?
Adding A record "bdc 192.168.11.6" to zone firma.at...
done
Adding ZONE record "root@firma.at. 1 28800 7200 604800 10800 bdc.firma.at." to zone 192.168.11...
Adding PTR record "6 bdc.firma.at." to zone 192.168.11...
done
Setting dns/master/address
Not updating dns/master/port
File: /etc/bind/named.conf.proxy
File: /etc/bind/named.conf.samba4
2016-10-05 11:42:05.777694892+02:00 (in joinscript_save_current_version)
Configure 08univention-apache.inst Wed Oct  5 11:42:05 CEST 2016
2016-10-05 11:42:05.794036064+02:00 (in joinscript_init)
Module ssl disabled.
To activate the new configuration, you need to run:
  service apache2 restart
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
Site default-ssl disabled.
To activate the new configuration, you need to run:
  service apache2 reload
Enabling site default-ssl.
To activate the new configuration, you need to run:
  service apache2 reload
Reloading web server config: apache2.
Setting ucs/web/overview/entries/admin/root-certificate/label
Setting ucs/web/overview/entries/admin/root-certificate/label/de
Setting ucs/web/overview/entries/admin/root-certificate/description
Setting ucs/web/overview/entries/admin/root-certificate/description/de
Setting ucs/web/overview/entries/admin/root-certificate/link
Setting ucs/web/overview/entries/admin/root-certificate/priority
Setting ucs/web/overview/entries/admin/invalid-certificate-list/label
Setting ucs/web/overview/entries/admin/invalid-certificate-list/label/de
Setting ucs/web/overview/entries/admin/invalid-certificate-list/description
Setting ucs/web/overview/entries/admin/invalid-certificate-list/description/de
Setting ucs/web/overview/entries/admin/invalid-certificate-list/link
Setting ucs/web/overview/entries/admin/invalid-certificate-list/priority
File: /var/www/ucs-overview/entries.json
Setting ucs/web/overview/entries/admin/ldap-master/label
Setting ucs/web/overview/entries/admin/ldap-master/label/de
Setting ucs/web/overview/entries/admin/ldap-master/description
Setting ucs/web/overview/entries/admin/ldap-master/description/de
Setting ucs/web/overview/entries/admin/ldap-master/link
Setting ucs/web/overview/entries/admin/ldap-master/link/de
Setting ucs/web/overview/entries/admin/ldap-master/priority
File: /var/www/ucs-overview/entries.json
2016-10-05 11:42:08.403680613+02:00 (in joinscript_save_current_version)
Configure 10univention-ldap-server.inst Wed Oct  5 11:42:08 CEST 2016
2016-10-05 11:42:08.426064710+02:00 (in joinscript_init)
SRV record _ldap._tcp for port 7389 not created because Samba4 DCs are present: pdc
wait for named ?
Does not exist
wait for named ?
Adding ZONE record "root@firma.at. 1 28800 10800 604800 108001 bdc.firma.at." to zone 192.168.11...
wait for named ?
Object exists: krb5PrincipalName=ldap/bdc.firma.at@FIRMA.AT,cn=kerberos,dc=firma,dc=at
Object modified: cn=default-settings,cn=ldap,cn=policies,dc=firma,dc=at
Object modified: cn=default-settings,cn=ldap,cn=policies,dc=firma,dc=at
Object exists: cn=default-ldap-servers,cn=config-registry,cn=policies,dc=firma,dc=at
Object modified: cn=default-ldap-servers,cn=config-registry,cn=policies,dc=firma,dc=at
Object exists: cn=services,cn=univention,dc=firma,dc=at
Object exists: cn=LDAP,cn=services,cn=univention,dc=firma,dc=at
WARNING: cannot append LDAP to service, value exists
No modification: cn=bdc,cn=dc,cn=computers,dc=firma,dc=at
2016-10-05 11:42:26.193770698+02:00 (in joinscript_save_current_version)
Configure 11univention-heimdal-init.inst Wed Oct  5 11:42:26 CEST 2016
2016-10-05 11:42:26.222076631+02:00 (in joinscript_init)
Not updating kerberos/kpasswdserver
2016-10-05 11:42:27.072021174+02:00 (in joinscript_save_current_version)
Configure 11univention-pam.inst Wed Oct  5 11:42:27 CEST 2016
2016-10-05 11:42:27.093954694+02:00 (in joinscript_init)
Not updating auth/sshd/restrict
Not updating auth/sshd/group/Domain Admins
Not updating auth/sshd/group/Computers
Not updating auth/sshd/group/DC Slave Hosts
Not updating auth/sshd/group/DC Backup Hosts
Not updating auth/sshd/group/Administrators
Not updating auth/sshd/user/root
File: /etc/libnss-ldap.conf
2016-10-05 11:42:27.263174429+02:00 (in joinscript_save_current_version)
Configure 15univention-directory-notifier-post.inst Wed Oct  5 11:42:27 CEST 2016
2016-10-05 11:42:27.284397589+02:00 (in joinscript_init)
Restarting univention-directory-notifier daemon: .
ok: run: univention-directory-notifier: (pid 14164) 0s, normally down
done.
Restarting univention-directory-listener daemon.
ok: run: univention-directory-listener: (pid 14195) 0s, normally down
done.
2016-10-05 11:42:40.538416195+02:00 (in joinscript_save_current_version)
Configure 15univention-heimdal-kdc.inst Wed Oct  5 11:42:40 CEST 2016
2016-10-05 11:42:40.555772693+02:00 (in joinscript_init)
Stopping Heimdal KDC: heimdal-kdc.
kdc-kpasswdd disabled by ucr var kerberos/autostart=no
2016-10-05 11:42:42.121502693+02:00 (in joinscript_save_current_version)
Configure 18python-univention-directory-manager.inst Wed Oct  5 11:42:42 CEST 2016
2016-10-05 11:42:42.339158463+02:00 (in joinscript_init)
Object exists: cn=objectFlag,cn=custom attributes,cn=univention,dc=firma,dc=at
2016-10-05 11:42:43.646388301+02:00 (in joinscript_save_current_version)
Configure 20univention-directory-policy.inst Wed Oct  5 11:42:43 CEST 2016
2016-10-05 11:42:43.671242348+02:00 (in joinscript_init)
2016-10-05 11:42:43.987792688+02:00 (in joinscript_save_current_version)
Configure 20univention-join.inst Wed Oct  5 11:42:43 CEST 2016
2016-10-05 11:42:44.020919104+02:00 (in joinscript_init)
No modification: cn=bdc,cn=dc,cn=computers,dc=firma,dc=at
2016-10-05 11:42:47.688998867+02:00 (in joinscript_save_current_version)
Configure 26univention-nagios-common.inst Wed Oct  5 11:42:47 CEST 2016
2016-10-05 11:42:47.716044744+02:00 (in joinscript_init)
Object exists: cn=nagios,dc=firma,dc=at
Object exists: cn=24x7,cn=nagios,dc=firma,dc=at
Object exists: cn=WorkHours,cn=nagios,dc=firma,dc=at
Object exists: cn=NonWorkHours,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_PING,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_DISK_ROOT,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_DNS,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_SWAP,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_LDAP_AUTH,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_NTP,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_SMTP2,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_SSL,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_LOAD,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_REPLICATION,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_NSCD,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_KPASSWDD,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_WINBIND,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_SMBD,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_NMBD,cn=nagios,dc=firma,dc=at
Object exists: cn=UNIVENTION_JOINSTATUS,cn=nagios,dc=firma,dc=at
2016-10-05 11:42:49.459785474+02:00 (in joinscript_save_current_version)
Configure 30univention-appcenter.inst Wed Oct  5 11:42:49 CEST 2016
2016-10-05 11:42:49.485800454+02:00 (in joinscript_init)
Object exists: cn=apps,cn=univention,dc=firma,dc=at
Object exists: cn=ldapschema,cn=univention,dc=firma,dc=at
INFO: No change of core data of object univention-app.
Object exists: cn=ldapacl,cn=univention,dc=firma,dc=at
INFO: No change of core data of object 66univention-appcenter_app.
Object exists: cn=udm_module,cn=univention,dc=firma,dc=at
INFO: No change of core data of object appcenter/app.
No modification: cn=univention-app,cn=ldapschema,cn=univention,dc=firma,dc=at

No modification: cn=66univention-appcenter_app,cn=ldapacl,cn=univention,dc=firma,dc=at

No modification: cn=appcenter/app,cn=udm_module,cn=univention,dc=firma,dc=at

Waiting for activation of the extension object univention-app: OK
Waiting for activation of the extension object 66univention-appcenter_app: OK
Waiting for activation of the extension object appcenter/app: OK
Waiting for file /usr/share/univention-appcenter/app.py: OK
Terminating running univention-cli-server processes.
Stopping ldap server(s): slapd ...done.

WARNING!
Check file permissions!

#4

Teil 2:

Multifile: /etc/ldap/slapd.conf
Starting ldap server(s): slapd ...done.
No repository to register
Creating data directories for samba4...
No hostdn for 7i4ucs-123 found. Nothing to remove
No hostdn for 7i4ucs-dokuwiki found. Nothing to remove
No hostdn for 7i4ucs-redmine found. Nothing to remove
No hostdn for 7i4ucs-svn found. Nothing to remove
No hostdn for 7i4ucs-trac found. Nothing to remove
No hostdn for 7i4ucs-wordpress found. Nothing to remove
No hostdn for adconnector found. Nothing to remove
No hostdn for adtakeover found. Nothing to remove
No hostdn for agorumcore-pro found. Nothing to remove
No hostdn for asterisk4ucs found. Nothing to remove
No hostdn for audriga-groupware-migration found. Nothing to remove
No hostdn for auralis found. Nothing to remove
No hostdn for bacula found. Nothing to remove
No hostdn for bareos found. Nothing to remove
No hostdn for benno-mailarchiv found. Nothing to remove
No hostdn for briox found. Nothing to remove
No hostdn for cups found. Nothing to remove
No hostdn for dhcp-server found. Nothing to remove
No hostdn for digitec-suitecrm found. Nothing to remove
No hostdn for drbd found. Nothing to remove
No hostdn for dudle found. Nothing to remove
No hostdn for edyou found. Nothing to remove
No hostdn for egroupware found. Nothing to remove
No hostdn for etherpad-lite found. Nothing to remove
No hostdn for fetchmail found. Nothing to remove
No hostdn for google-apps found. Nothing to remove
No hostdn for heliumvserver found. Nothing to remove
No hostdn for horde found. Nothing to remove
No hostdn for icinga found. Nothing to remove
No hostdn for ikarus_gatewaysecurity found. Nothing to remove
No hostdn for iku-av-mail found. Nothing to remove
No hostdn for iku-av-proxy found. Nothing to remove
No hostdn for jenkins found. Nothing to remove
No hostdn for jira found. Nothing to remove
No hostdn for kde found. Nothing to remove
No hostdn for kivitendo found. Nothing to remove
No hostdn for kix2016 found. Nothing to remove
No hostdn for kix4otrs6 found. Nothing to remove
No hostdn for kix4otrs7 found. Nothing to remove
No hostdn for klms found. Nothing to remove
No hostdn for kolab-enterprise found. Nothing to remove
No hostdn for kopano-core found. Nothing to remove
No hostdn for kopano-webapp found. Nothing to remove
No hostdn for kopano-webmeetings found. Nothing to remove
No hostdn for kvm found. Nothing to remove
No hostdn for m23 found. Nothing to remove
No hostdn for maildisclaimer found. Nothing to remove
No hostdn for mailserver found. Nothing to remove
No hostdn for mobydick found. Nothing to remove
No hostdn for nagios found. Nothing to remove
No hostdn for odoo8 found. Nothing to remove
No hostdn for office365 found. Nothing to remove
No hostdn for open-xchange-guard found. Nothing to remove
No hostdn for open-xchange-text found. Nothing to remove
No hostdn for opencms found. Nothing to remove
No hostdn for openproject found. Nothing to remove
No hostdn for openvpn4ucs found. Nothing to remove
No hostdn for opsi found. Nothing to remove
No hostdn for opsi-local-image found. Nothing to remove
No hostdn for orocrm found. Nothing to remove
No hostdn for owncloud81 found. Nothing to remove
No hostdn for owncloud82 found. Nothing to remove
No hostdn for oxseforucs found. Nothing to remove
No hostdn for pkgdb found. Nothing to remove
No hostdn for plucs found. Nothing to remove
No hostdn for privacyidea found. Nothing to remove
No hostdn for privacyidea-pam found. Nothing to remove
No hostdn for privacyidea-radius found. Nothing to remove
No hostdn for privacyidea-saml found. Nothing to remove
No hostdn for radius found. Nothing to remove
No hostdn for samba-memberserver found. Nothing to remove
No hostdn for self-service found. Nothing to remove
No hostdn for sep-sesam found. Nothing to remove
No hostdn for sep-sesam-cli found. Nothing to remove
No hostdn for squid found. Nothing to remove
No hostdn for tecart found. Nothing to remove
No hostdn for tine20 found. Nothing to remove
No hostdn for ucc found. Nothing to remove
No hostdn for ucsschool found. Nothing to remove
No hostdn for univention-demo found. Nothing to remove
No hostdn for univention-demo-data found. Nothing to remove
No hostdn for uvmm found. Nothing to remove
No hostdn for uvmm-ec2 found. Nothing to remove
No hostdn for webweaver found. Nothing to remove
No hostdn for wildfly found. Nothing to remove
No hostdn for xrdp found. Nothing to remove
No hostdn for z-push found. Nothing to remove
No hostdn for z-push-kopano found. Nothing to remove
No hostdn for zarafa found. Nothing to remove
No hostdn for zarafa-webapp found. Nothing to remove
No hostdn for zmeetings4ucs found. Nothing to remove
Removing localhost from LDAP object
Removing localhost from LDAP object
Removing localhost from LDAP object
Registering UCR for samba4
Marking samba4=4.3 as installed
Adding localhost to LDAP object
2016-10-05 11:43:10.884045870+02:00 (in joinscript_save_current_version)
Configure 30univention-nagios-client.inst Wed Oct  5 11:43:10 CEST 2016
2016-10-05 11:43:10.923131114+02:00 (in joinscript_init)
File: /etc/nagios/nrpe.cfg
Object modified: cn=bdc,cn=dc,cn=computers,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_PING,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_DISK_ROOT,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_SWAP,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_DNS,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_SMTP2,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_REPLICATION,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_LOAD,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_NTP,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_NSCD,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_SSL,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_LDAP_AUTH,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_JOINSTATUS,cn=nagios,dc=firma,dc=at
2016-10-05 11:43:13.481844773+02:00 (in joinscript_save_current_version)
Configure 31univention-nagios-s4-connector.inst Wed Oct  5 11:43:13 CEST 2016
2016-10-05 11:43:13.504058186+02:00 (in joinscript_init)
Object exists: cn=UNIVENTION_S4CONNECTOR,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_S4CONNECTOR,cn=nagios,dc=firma,dc=at
2016-10-05 11:43:14.101049154+02:00 (in joinscript_save_current_version)
Configure 31univention-nagios-samba.inst Wed Oct  5 11:43:14 CEST 2016
2016-10-05 11:43:14.112453437+02:00 (in joinscript_init)
Object exists: cn=UNIVENTION_SAMBA_REPLICATION,cn=nagios,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to assignedHosts, value exists
No modification: cn=UNIVENTION_SAMBA_REPLICATION,cn=nagios,dc=firma,dc=at
2016-10-05 11:43:14.710397970+02:00 (in joinscript_save_current_version)
Configure 34univention-management-console-server.inst Wed Oct  5 11:43:14 CEST 2016
2016-10-05 11:43:14.921775632+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Restarting Univention Management Console Server.
done.
2016-10-05 11:43:16.207443056+02:00 (in joinscript_save_current_version)
Configure 35univention-appcenter-docker.inst Wed Oct  5 11:43:16 CEST 2016
2016-10-05 11:43:16.229189965+02:00 (in joinscript_init)
Object exists: cn=app-release-update,cn=policies,dc=firma,dc=at
Object exists: cn=app-update-schedule,cn=policies,dc=firma,dc=at
2016-10-05 11:43:16.565694066+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-appcenter.inst Wed Oct  5 11:43:16 CEST 2016
2016-10-05 11:43:16.791496936+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=appcenter-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=appcenter-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:17.802374438+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-diagnostic.inst Wed Oct  5 11:43:17 CEST 2016
2016-10-05 11:43:18.027511408+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=diagnostic-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=diagnostic-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:18.853513069+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-ipchange.inst Wed Oct  5 11:43:18 CEST 2016
2016-10-05 11:43:19.154196410+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=ipchange,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-slave-umc,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=ipchange,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-slave-umc,cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=default-backup-umc,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=ipchange,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-backup-umc,cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=default-computers-umc,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=ipchange,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-computers-umc,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-backup-umc,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=DC Backup Hosts,cn=groups,dc=firma,dc=at
WARNING: cannot append cn=default-slave-umc,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=DC Slave Hosts,cn=groups,dc=firma,dc=at
WARNING: cannot append cn=default-computers-umc,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Computers,cn=groups,dc=firma,dc=at
2016-10-05 11:43:20.756800556+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-join.inst Wed Oct  5 11:43:20 CEST 2016
2016-10-05 11:43:20.981226449+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=join-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=join-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:21.995962939+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-lib.inst Wed Oct  5 11:43:22 CEST 2016
2016-10-05 11:43:22.217857933+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=lib-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=lib-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:23.019350712+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-mrtg.inst Wed Oct  5 11:43:23 CEST 2016
2016-10-05 11:43:23.242963904+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=mrtg-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=mrtg-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:24.038848597+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-passwordchange.inst Wed Oct  5 11:43:24 CEST 2016
2016-10-05 11:43:24.345720473+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=passwordchange-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=passwordchange-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=passwordchange-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:25.223372778+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-quota.inst Wed Oct  5 11:43:25 CEST 2016
2016-10-05 11:43:25.439481608+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=quota-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=quota-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:26.248279236+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-reboot.inst Wed Oct  5 11:43:26 CEST 2016
2016-10-05 11:43:26.462150848+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=reboot-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=reboot-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:27.269017598+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-services.inst Wed Oct  5 11:43:27 CEST 2016
2016-10-05 11:43:27.489856232+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=services-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=services-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:28.294410935+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-setup.inst Wed Oct  5 11:43:28 CEST 2016
2016-10-05 11:43:28.511406177+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=setup-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=setup-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=udm-request-license,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-backup-umc,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=udm-request-license,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-backup-umc,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:29.728302205+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-sysinfo.inst Wed Oct  5 11:43:29 CEST 2016
2016-10-05 11:43:29.952041903+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=sysinfo-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=sysinfo-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:30.761425131+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-top.inst Wed Oct  5 11:43:30 CEST 2016
2016-10-05 11:43:30.975127704+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=top-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=top-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:31.790471639+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-ucr.inst Wed Oct  5 11:43:31 CEST 2016
2016-10-05 11:43:31.996347587+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=ucr-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=ucr-read,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=ucr-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:32.861078503+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-udm.inst Wed Oct  5 11:43:32 CEST 2016
2016-10-05 11:43:33.084440357+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=udm-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=udm-users,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=udm-groups,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=udm-computers,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=udm-printers,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=udm-shares,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=udm-polcies,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=udm-mail,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=udm-network,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=udm-dns,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=udm-dhcp,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=udm-nagios,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=udm-navigation,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=udm-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=udm-self,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-udm-self,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=udm-self,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-udm-self,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:34.846688283+02:00 (in joinscript_save_current_version)
Configure 35univention-management-console-module-updater.inst Wed Oct  5 11:43:34 CEST 2016
2016-10-05 11:43:35.088891136+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=updater-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=updater-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:36.088278407+02:00 (in joinscript_save_current_version)
Configure 36univention-management-console-module-apps.inst Wed Oct  5 11:43:36 CEST 2016
2016-10-05 11:43:36.304478208+02:00 (in joinscript_init)
Object exists: cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=UMC,cn=policies,dc=firma,dc=at
Object exists: cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Admins,cn=groups,dc=firma,dc=at
Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at
WARNING: cannot append cn=default-umc-users,cn=UMC,cn=policies,dc=firma,dc=at to univentionPolicyReference, value exists
No modification: cn=Domain Users,cn=groups,dc=firma,dc=at
Object exists: cn=apps-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at
WARNING: cannot append cn=apps-all,cn=operations,cn=UMC,cn=univention,dc=firma,dc=at to allow, value exists
No modification: cn=default-umc-all,cn=UMC,cn=policies,dc=firma,dc=at
2016-10-05 11:43:37.130628561+02:00 (in joinscript_save_current_version)
Configure 40univention-virtual-machine-manager-schema.inst Wed Oct  5 11:43:37 CEST 2016
2016-10-05 11:43:37.156742477+02:00 (in joinscript_init)
Object exists: cn=UVMM,cn=custom attributes,cn=univention,dc=firma,dc=at
Object exists: cn=ManagementServer,cn=UVMM,cn=custom attributes,cn=univention,dc=firma,dc=at
Object exists: cn=ManageableBy,cn=UVMM,cn=custom attributes,cn=univention,dc=firma,dc=at
WARNING: cannot append uvmm/cloudconnection to module, value exists
No modification: cn=ManageableBy,cn=UVMM,cn=custom attributes,cn=univention,dc=firma,dc=at
Object exists: cn=UVMMGroup,cn=UVMM,cn=custom attributes,cn=univention,dc=firma,dc=at
Object exists: cn=Virtual Machine Manager,dc=firma,dc=at
Object exists: cn=Information,cn=Virtual Machine Manager,dc=firma,dc=at
Object exists: cn=CloudConnection,cn=Virtual Machine Manager,dc=firma,dc=at
Object exists: cn=CloudType,cn=Virtual Machine Manager,dc=firma,dc=at
Object exists: cn=OpenStack,cn=CloudType,cn=Virtual Machine Manager,dc=firma,dc=at
2016-10-05 11:43:39.104938615+02:00 (in joinscript_save_current_version)
Configure 81univention-nfs-server.inst Wed Oct  5 11:43:39 CEST 2016
2016-10-05 11:43:39.127954754+02:00 (in joinscript_init)
Object exists: cn=services,cn=univention,dc=firma,dc=at
Object exists: cn=NFS,cn=services,cn=univention,dc=firma,dc=at
WARNING: cannot append NFS to service, value exists
No modification: cn=bdc,cn=dc,cn=computers,dc=firma,dc=at
2016-10-05 11:43:40.302605242+02:00 (in joinscript_save_current_version)
Configure 90univention-bind-post.inst Wed Oct  5 11:43:40 CEST 2016
2016-10-05 11:43:40.324759439+02:00 (in joinscript_init)
Not updating dns/backend
Restarting bind9 daemon: ...done.
Wait for bind9:  done
 done
Object exists: cn=services,cn=univention,dc=firma,dc=at
Object exists: cn=DNS,cn=services,cn=univention,dc=firma,dc=at
WARNING: cannot append DNS to service, value exists
No modification: cn=bdc,cn=dc,cn=computers,dc=firma,dc=at
2016-10-05 11:43:58.217639595+02:00 (in joinscript_save_current_version)
Configure 91univention-saml.inst Wed Oct  5 11:43:58 CEST 2016
2016-10-05 11:43:58.441390069+02:00 (in joinscript_init)
Not updating saml/idp/certificate/privatekey
Not updating saml/idp/certificate/certificate
Not updating saml/idp/entityID
Not updating ucs/server/sso/fqdn
Could not chdir to home directory /dev/null: Not a directory
Successfully downloaded the sys-idp-user credential file
Multifile: /etc/simplesamlphp/authsources.php
File: /etc/apache2/sites-available/univention-saml
Adding A record "ucs-sso 192.168.11.6" to zone firma.at...
done
Not updating security/packetfilter/package/univention-saml/tcp/11212/all
Not updating security/packetfilter/package/univention-saml/tcp/11212/all/en
Object exists: cn=services,cn=univention,dc=firma,dc=at
Object exists: cn=univention-saml,cn=services,cn=univention,dc=firma,dc=at
WARNING: cannot append univention-saml to service, value exists
No modification: cn=bdc,cn=dc,cn=computers,dc=firma,dc=at
Object exists: cn=saml-serviceprovider,cn=univention,dc=firma,dc=at
Object exists: cn=serviceprovider,cn=custom attributes,cn=univention,dc=firma,dc=at
Object exists: SAMLServiceProviderIdentifier=google.com,cn=saml-serviceprovider,cn=univention,dc=firma,dc=at
Object exists: SAMLServiceProviderIdentifier=https://sp.testshib.org/shibboleth-sp,cn=saml-serviceprovider,cn=univention,dc=firma,dc=at
Object exists: SAMLServiceProviderIdentifier=https://saml.salesforce.com,cn=saml-serviceprovider,cn=univention,dc=firma,dc=at
waiting for listener modules to finish
waiting for listener modules to finish
waiting for listener modules to finish
waiting for listener modules to finish
waiting for listener modules to finish
listener shutdown done
Restarting univention-saml.
Stopping univention-saml.
Stopping memcached: memcached_univention_saml.
Stopping SSL tunnels: /etc/stunnel/univention_saml.conf: stopped
done.
Starting univention-saml.
Starting memcached: memcached_univention_saml.
Starting SSL tunnels: /etc/stunnel/univention_saml.conf: started
done.
done.
Reloading web server config: apache2.
2016-10-05 11:44:13.015688171+02:00 (in joinscript_save_current_version)
Configure 92univention-management-console-web-server.inst Wed Oct  5 11:44:13 CEST 2016
2016-10-05 11:44:13.246647241+02:00 (in joinscript_init)
Setting ucs/web/overview/entries/admin/umc/icon
Setting ucs/web/overview/entries/admin/umc/link
Setting ucs/web/overview/entries/admin/umc/link/de
Setting ucs/web/overview/entries/admin/umc/priority
File: /var/www/ucs-overview/entries.json
Setting ucs/web/overview/entries/admin/umc/label
Setting ucs/web/overview/entries/admin/umc/label/de
Setting ucs/web/overview/entries/admin/umc/description
Setting ucs/web/overview/entries/admin/umc/description/de
File: /var/www/ucs-overview/entries.json
Object exists: SAMLServiceProviderIdentifier=https://bdc.firma.at/univention-management-console/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=firma,dc=at
No modification: SAMLServiceProviderIdentifier=https://bdc.firma.at/univention-management-console/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=firma,dc=at
Not updating ucs/server/sso/fqdn
Reloading web server config: apache2.
Not updating umc/saml/idp-server
Restarting Univention Management Console Web Server.
done.
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Object exists: cn=services,cn=univention,dc=firma,dc=at
Object exists: cn=Univention Management Console,cn=services,cn=univention,dc=firma,dc=at
WARNING: cannot append Univention Management Console to service, value exists
No modification: cn=bdc,cn=dc,cn=computers,dc=firma,dc=at
2016-10-05 11:44:16.914102867+02:00 (in joinscript_save_current_version)
Configure 96univention-samba4.inst Wed Oct  5 11:44:16 CEST 2016
2016-10-05 11:44:16.942600780+02:00 (in joinscript_init)
Not updating samba4/role
Multifile: /etc/samba/smb.conf
Object exists: cn=Builtin,dc=firma,dc=at
WARNING: cannot append cn=bdc,cn=dc,cn=computers,dc=firma,dc=at to hosts, value exists
No modification: cn=Enterprise Domain Controllers,cn=groups,dc=firma,dc=at
Stopping Samba AD DC daemon: samba.
Samba is configured as AD DC, service smbd is controlled by the main samba daemon.
Stopping NetBIOS name server: nmbd.
Setting kerberos/kdc
Setting kerberos/kpasswdserver
File: /etc/krb5.conf
Setting slapd/port
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Setting slapd/port/ldaps
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
extract_rIDNextRID: Attribute rIDSetReferences not found
Not updating windows/wins-support
Forest           : firma.at
Domain           : firma.at
Netbios domain   : FIRMA
DC name          : pdc.firma.at
DC netbios name  : PDC
Server site      : Default-First-Site-Name
Client site      : Default-First-Site-Name
Finding a writeable DC for domain 'firma.at'
Found DC pdc.firma.at
workgroup is FIRMA
realm is firma.at
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Schema-DN[CN=Schema,CN=Configuration,DC=firma,DC=at] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=firma,DC=at] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=firma,DC=at] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=firma,DC=at] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=firma,DC=at] objects[402/1622] linked_values[0/0]
Partition[CN=Configuration,DC=firma,DC=at] objects[804/1622] linked_values[0/0]
Partition[CN=Configuration,DC=firma,DC=at] objects[1206/1622] linked_values[0/0]
Partition[CN=Configuration,DC=firma,DC=at] objects[1608/1622] linked_values[0/0]
Partition[CN=Configuration,DC=firma,DC=at] objects[1622/1622] linked_values[28/0]
Partition[DC=firma,DC=at] objects[98/98] linked_values[46/0]
Partition[DC=firma,DC=at] objects[500/589] linked_values[0/0]
Failed to apply records: ../ldb_tdb/ldb_index.c:1216: Failed to re-index objectGUID in CN=Authenticated Users\0ACNF:fd4472e0-bdd0-456f-9e64-9a6ba7f074c7,CN=Groups,DC=firma,DC=at - ../ldb_tdb/ldb_index.c:1148: unique index violation on objectGUID in CN=Authenticated Users\0ACNF:fd4472e0-bdd0-456f-9e64-9a6ba7f074c7,CN=Groups,DC=firma,DC=at: Entry already exists
Failed to commit objects: WERR_GENERAL_FAILURE
ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT_STATUS_UNSUCCESSFUL
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 628, in run
    keep_existing=keep_existing)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1177, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1082, in do_join
    ctx.join_replicate()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 835, in join_replicate
    replica_flags=ctx.domain_replica_flags)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 257, in replicate
    schema=schema, req_level=req_level, req=req)
checking sAMAccountName
Adding CN=BDC,OU=Domain Controllers,DC=firma,DC=at
Adding CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=firma,DC=at
Adding CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=firma,DC=at
Adding SPNs to CN=BDC,OU=Domain Controllers,DC=firma,DC=at
Setting account password for BDC$
Enabling account
Calling bare provision
Provision OK for domain DN DC=firma,DC=at
Starting replication
Replicating critical objects from the base DN of the domain
Join failed - cleaning up
checking sAMAccountName
removing samaccount: CN=BDC,OU=Domain Controllers,DC=firma,DC=at
Deleted CN=BDC,OU=Domain Controllers,DC=firma,DC=at
Deleted CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=firma,DC=at
Deleted CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=firma,DC=at
Failed to join the domain firma.at.
Wed Oct  5 11:44:39 CEST 2016: finish /usr/sbin/univention-join

#5

Moin,

was mich stutzig macht, ist diese Fehlermeldung:

Failed to apply records: ../ldb_tdb/ldb_index.c:1216: Failed to re-index objectGUID in CN=Authenticated Users\0ACNF:fd4472e0-bdd0-456f-9e64-9a6ba7f074c7,CN=Groups,DC=firma,DC=at - ../ldb_tdb/ldb_index.c:1148: unique index violation on objectGUID in CN=Authenticated Users\0ACNF:fd4472e0-bdd0-456f-9e64-9a6ba7f074c7,CN=Groups,DC=firma,DC=at: Entry already exists

Oder genauer: das \0 darin. Das ist das Null-Byte, etwas, das in einem Objektnamen eigentlich nicht vorkommen sollte. Bei drei UCS-Instanzen, die ich eben kurz durchsucht habe, kommt das auch nicht vor.

Der Effekt eines Null-Bytes kann sein, dass in C oder C++ dort das Ende der Zeichenkette erkannt wird. Wenn also im Index bereits ein Eintrag namens »CN=Authenticated Users« vorhanden ist, dann der oben genannte Eintrag hinzugefügt werden soll und der Code fälschlicherweise einfach bei dem Null-Byte aufhört, so würde dann versucht werden, einen zweiter Eintrag mit demselben Namen zu erzeugen.

Ich würde Ihnen raten, diesen Eintrag auf dem Master im S4 und im LDAP zumindest umzubenennenn, sodass kein \0 mehr enthalten ist, oder vielleicht gleich zu löschen. Anschließend können Sie erneut einen Join probieren.

MfG,
Moritz Bunkus


#6

Spannend. :slight_smile:

Wie genau benennt man das um, sodass das ominöse Sonderzeichen verschwindet?
Mein erster Versuch mit ldbedit misslang, bzw. ich sehe dort dieses spezielle Zeichen gar nicht.

Die Gruppe einfach zu löschen klingt auch spannend. Ich bin jetzt kein großer AD-Spezialist, aber “Authenticated Users” klingt wichtig. :wink:
Per ldapmodify könnte man sie vermutlich schnell genauso wiederherstellen wie sie vorher war und der S4-Connector stellt sie dann wohl auch im Samba wieder her, aber das muss ich erstmal in einer Testumgebung ausprobieren … :slight_smile:

Danke vorerst!

[code]root@pdc:~# univention-s4search cn=Authenticated\ Users

record 1

dn: CN=Authenticated Users,CN=Groups,DC=firma,DC=at
objectClass: top
objectClass: group
cn: Authenticated Users
instanceType: 4
whenCreated: 20160813104518.0Z
whenChanged: 20160813104518.0Z
uSNCreated: 3828
uSNChanged: 3828
name: Authenticated Users
objectGUID: fd4472e0-bdd0-456f-9e64-9a6ba7f074c7
objectSid: S-1-5-11
sAMAccountName: Authenticated Users
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=firma,DC=at
distinguishedName: CN=Authenticated Users,CN=Groups,DC=firma,DC=at

root@pdc:~# univention-ldapsearch -LLL -b cn=Authenticated\ Users,cn=groups,dc=firma,dc=at
dn: cn=Authenticated Users,cn=groups,dc=firma,dc=at
objectClass: top
objectClass: posixGroup
objectClass: univentionGroup
objectClass: sambaGroupMapping
objectClass: univentionObject
univentionObjectType: groups/group
sambaGroupType: 2
gidNumber: 5020
uniqueMember: cn=DC Slave Hosts,cn=groups,dc=firma,dc=at
uniqueMember: cn=Windows Hosts,cn=groups,dc=firma,dc=at
cn: Authenticated Users
sambaSID: S-1-5-11

root@pdc:~# ldbedit -e vim -H /var/lib/samba/private/sam.ldb -b CN=Authenticated\ Users,CN=Groups,DC=FIRMA,DC=at

editing 1 records

record 1

dn: CN=Authenticated Users,CN=Groups,DC=firma,DC=at
objectClass: top
objectClass: group
cn: Authenticated Users
instanceType: 4
whenCreated: 20160813104518.0Z
whenChanged: 20160813104518.0Z
uSNCreated: 3828
uSNChanged: 3828
name: Authenticated Users
objectGUID: fd4472e0-bdd0-456f-9e64-9a6ba7f074c7
objectSid: S-1-5-11
sAMAccountName: Authenticated Users
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=firma,DC=at
distinguishedName: CN=Authenticated Users,CN=Groups,DC=firma,DC=at[/code]


#7

Moin,

mit Ihren Befehlen suchen Sie nach exakt einem bestimmten Objekt, da ist auch klar, dass Sie dasjenige mit dem »komischen Zeichen« nicht zu Gesicht bekommen.

Sie können versuchen, nach ‘CN=Authenticated Users\0ACNF:fd4472e0-bdd0-456f-9e64-9a6ba7f074c7’ zu suchen, also z.B. so:

univention-s4search 'CN=Authenticated Users\0ACNF:fd4472e0-bdd0-456f-9e64-9a6ba7f074c7'

Die einfachen Anführungszeichen sind wichtig, damit das \ nicht bereits von der Shell interpretiert wird!

Spannender ist aber vermutlich auch ein einfaches…

univention-s4search|ldapsearch-wrapper|grep -i '^dn.*authenticated'

Weiterhin: in einer Basis-UCS-Installation mit Samba4 gibt es keine Gruppen, deren Name »authenticated« enthält:

[0 root@master ~] univention-s4search | ldapsearch-wrapper | grep -i authenticated [1 root@master ~]

Gruß,
mosu


#8

Hey,

Nachtrag: wurde gerade auf diesen Bug-Eintrag aufmerksam gemacht, der ziemlich exakt auf Ihre SItuation zuzutreffen scheint. Dort gibt’s auch ein Script zum Fixen.

Gruß,
mosu


#9

Ja, es war offenbar genau dieser Bug, in den ich hineingelaufen bin.

Der PDC war ursprünglich ein Samba-3-DC, welches dieses Jahr migriert wurde.

Hier nochmal das Skript, für alle mit demselben Problem:

[code]#!/bin/bash

eval “$(ucr shell)”

s4_dn=$(univention-s4search ‘(&(CN=Authenticated Users)(!(objectClass=foreignSecurityPrincipal)))’ dn | sed -n ‘s/^dn: //p’)

if [ -z “$s4_dn” ]; then
echo “Nothing to do”
exit 0
fi

if ! ucr get connector/s4/mapping/group/ignorelist | grep -q ‘Authenticated Users’; then
echo “The group ‘Authenticated Users’ is not on the connector/s4/mapping/group/ignorelist, so it’s better not to remove it now.”
echo “Please check that first.”
exit 1
fi

gid=$(univention-ldapsearch -x ‘sambaSID=S-1-5-11’ gidNumber | sed -n ‘s/^gidNumber: //p’)
temporary_fake_sid=“S-1-4-$gid”

LDB_CONTROL_PROVISION_OID=‘1.3.6.1.4.1.7165.4.3.16’
ldbmodify -H /var/lib/samba/private/sam.ldb --controls=“local_oid:$LDB_CONTROL_PROVISION_OID:0” <<%EOF
dn: $s4_dn
changetype: modify
replace: objectSid
objectSid: $temporary_fake_sid
%EOF

ldbdel -H /var/lib/samba/private/sam.ldb “$s4_dn”
[/code]

Die Ausgabe des Skripts ist dann recht unspektakulär:

root@pdc:~/siedl# ./fix_authenticated_users.sh Modified 1 records successfully Deleted 1 record

Danach ließ sich der zweite DC problemlos joinen.

Vielen Dank!


#10

Gern :slight_smile: Schön, dass es geklappt hat.