LDAP Directory missing users

Hello, I'm running UMC 4.4-2 errata330 (Blumenthal) with Nextcloud 16.0.6-0 linked to a Windows Active Directory

All our new users created after the installation of UMC are not present when we search for a user with this command

ldap:check-user USERNAME

Or when we browse the LDAP directory

How can we refresh the LDAP directory automatically or manually so new users created after the initial installation can be seen?

Thanks !

If I run this command for a username that is not synced, I get only this instead of all the info shown for other users who are synced

root@cloud:~# univention-ldapsearch uid=chanvani
# extended LDIF
#
# LDAPv3
# base <dc=xxx,dc=xxx,dc=xxx,dc=xxx> (default) with scope subtree
# filter: uid=chanvani
# requesting: ALL
#

# search result
search: 3
result: 0 Success

# numResponses: 1

If I run this command I get an error

root@cloud:~# univention-adsearch CN=Administrator
kdestroy: krb5_cc_destroy: Did not find a plugin for ccache_ops
kinit: Password incorrect
Traceback (most recent call last):
  File "/usr/sbin/univention-adsearch", line 163, in <module>
    get_kerberos_ticket()
  File "/usr/sbin/univention-adsearch", line 156, in get_kerberos_ticket
    raise kerberosAuthenticationFailed('The following command failed: "%s"' % string.join(cmd_block))
__main__.kerberosAuthenticationFailed: The following command failed: "kinit --no-addresses --password-file=/etc/machine.secret cloud$"

So how can I change the password?

Can anyone help?

Thanks !

With this command it seems to see my user

root@cloud:~# kinit chanvani
chanvani@xxx.xxx.xx.xx’s Password:
root@cloud:~# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: chanvani@xxx.xxx.xx.xx

Issued Expires Principal
Nov 14 11:23:07 2019 Nov 14 21:23:07 2019 krbtgt/xxx.xxx.xx.xx@xxx.xxx.xx.xx

I'm joined correctly
root@cloud:~# univention-check-join-status
Joined successfully

Any help would be appreciated

Thanks !

Can anyone help, please?

Can anyone help me, please? I don’t find anything to solve this problem

I don’t know anything about the AD connector. But in your case I would try to reset the password of the machine account cloud$ using Windows AD tools.

You mean resetting the password in my Active Directory domain for the “CLOUD” object?

I'm not sure how to do this

I forgot about this problem for a while and decided to start working on the case this morning, and I've found the problem

In Active Directory Users and Computers, the computer object of the Univention server, which is named “cloud” for me, had the wrong password

On my DC, in the Event Viewer Security log, I found this error

The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: CLOUD$
Source Workstation: CLOUD
Error Code: 0xC000006A

0xC000006A = The username is correct but the password is wrong ( https://www.manageengine.com/products/active-directory-audit/kb/windows-security-log-event-id-4776.html )

So I checked the password on the server with this command

root@cloud:/var/log/univention# more /etc/machine.secret
YLEf94FfpGLLKihVC8EH

Then I opened a PowerShell window and reset the password of the computer object “cloud”

Set-ADAccountPassword 'CN=cloud,CN=Computers,DC=xxx,DC=xxx,DC=xxx,DC=xxx' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "YLEf94FfpGLLKihVC8EH" -Force)

Then everything started to sync again

Now when I look at the log in /var/log/univention/connector-status.log I'm seeing this

try to sync 14 changes from UCS
done: 1 2 3 4 5 6 7 8 9 10 11 12 13 14
Changes from UCS: 14 (0 saved rejected)


try to sync 0 changes from UCS
done:
Changes from UCS: 0 (0 saved rejected)


try to sync 3 changes from AD
done: (1) (2) (3)
Changes from AD: 0 (14 saved rejected)

  • sleep 5 seconds (1/10 until resync) -
    Wed Feb 12 14:52:52 2020

In the file /var/log/univention/connector.log I see some errors like this

12.02.2020 15:01:10.704 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=JUR - Secrétaires Direction,OU=Juridiques_Security_Groups,OU=Juridiques,OU=xxx,OU=Ville De xxx,DC=ville,DC=xxx,DC=qc,DC=ca
12.02.2020 15:01:10.711 LDAP (PROCESS): sync to ucs: [ group] [ modify] cn=JUR - Secrétaires Direction,ou=juridiques_security_groups,ou=juridiques,ou=xxx,ou=ville de xxx,dc=ville,dc=xxx,dc=qc,dc=ca
12.02.2020 15:01:10.713 LDAP (ERROR ): Unknown Exception during sync_to_ucs
12.02.2020 15:01:10.713 LDAP (ERROR ): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 1293, in sync_to_ucs
    result = self.modify_in_ucs(property_type, object, module, position)
  File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 1133, in modify_in_ucs
    return bool(ucs_object.modify())
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 651, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1312, in _modify
    self._ldap_pre_modify()
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/groups/group.py", line 470, in _ldap_pre_modify
    self.check_ad_group_type_change()
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/groups/group.py", line 929, in check_ad_group_type_change
    raise univention.admin.uexceptions.adGroupTypeChangeDomainLocalToGlobal
adGroupTypeChangeDomainLocalToGlobal

12.02.2020 15:01:10.714 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=VB Distribution - Tous,OU=Ville De xxx,DC=ville,DC=xxx,DC=qc,DC=ca
12.02.2020 15:01:10.735 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=VB Distribution - Tous,ou=ville de xxx,dc=ville,dc=xxx,dc=qc,dc=ca
12.02.2020 15:01:10.842 LDAP (ERROR ): Unknown Exception during sync_to_ucs
12.02.2020 15:01:10.843 LDAP (ERROR ): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 1278, in sync_to_ucs
    result = self.add_in_ucs(property_type, object, module, position)
  File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 1124, in add_in_ucs
    return bool(ucs_object.create())
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 558, in create
    dn = self._create(response=response, serverctrls=serverctrls)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1241, in _create
    al = self._ldap_addlist()
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/groups/group.py", line 489, in _ldap_addlist
    raise univention.admin.uexceptions.mailAddressUsed
mailAddressUsed

Any ideas?

Thanks, hope it can help someone
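
Added example, not part of the original thread: a small Python check that reads exported event 4776 text in the layout quoted above and reports machine accounts (names ending in `$`) that repeatedly fail with 0xC000006A, the sign that a host's stored secret no longer matches its AD computer object. The sample events, the `PRINT01$` and `jdoe` accounts and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter

WRONG_PASSWORD = 0xC000006A  # error code quoted in the thread's 4776 event

# The three fields of the event text that matter for this check.
FIELD = re.compile(
    r"^\s*(Logon Account|Source Workstation|Error Code):\s*(.*?)\s*$", re.M
)
EVENT_START = r"(?=The computer attempted to validate the credentials)"


def parse_4776(text):
    """Split exported event text into one dict per 4776 record."""
    events = []
    for chunk in re.split(EVENT_START, text):
        fields = dict(FIELD.findall(chunk))
        if {"Logon Account", "Error Code"} <= fields.keys():
            fields["Error Code"] = int(fields["Error Code"], 16)
            events.append(fields)
    return events


def stale_machine_secrets(events, threshold=3):
    """Machine accounts that failed with 'wrong password' at least threshold times."""
    fails = Counter(
        e["Logon Account"].upper()
        for e in events
        if e["Logon Account"].endswith("$") and e["Error Code"] == WRONG_PASSWORD
    )
    return {account: n for account, n in fails.items() if n >= threshold}


def _sample(account, workstation, code):
    # Constructed record in the same layout as the event quoted in the thread.
    return (
        "The computer attempted to validate the credentials for an account.\n\n"
        "Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0\n"
        f"Logon Account: {account}\nSource Workstation: {workstation}\n"
        f"Error Code: {code}\n\n"
    )


SAMPLE = (
    _sample("CLOUD$", "CLOUD", "0xC000006A") * 3      # host with a stale secret
    + _sample("jdoe", "PC-17", "0xC000006A") * 3      # user typos, not a machine
    + _sample("PRINT01$", "PRINT01", "0xC000006A")    # single failure, then OK
    + _sample("PRINT01$", "PRINT01", "0x0")
)

if __name__ == "__main__":
    print(stale_machine_secrets(parse_4776(SAMPLE)))
```

A machine account does not mistype its password, so a repeated 0xC000006A for a `$` account is worth an alert on its own, whatever the cause turns out to be.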
