Hello it’s me again,
after the update from 4.1.4 to 4.2.1 we had several problems which we were able to solve.
Now we have another problem when joining our MacOS clients to our domain.
Our MacOS clients have an inventory number, e.g. “000448”, which we were using as Host/Computername. Now we get problems when joining them to the domain.
28.08.2017 09:56:41,141 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=000448,CN=Computers,DC=domain,DC=intern
28.08.2017 09:56:41,145 LDAP (PROCESS): sync to ucs: [windowscomputer] [ add] cn=000448,CN=Computers,dc=twt,dc=intern
28.08.2017 09:56:41,185 LDAP (ERROR ): InvalidSyntax: Windows workstation/server name: Value may not contain other than numbers, letters and dots! (cn=000448,CN=Computers,dc=twt,dc=intern)
This error has appeared since the update; it was possible to use this kind of hostname in version 4.1.4.
Running an s4 search works fine:
univention-s4search -b "CN=000448,CN=Computers,DC=domain,DC=intern"
# record 1
dn: CN=000448,CN=Computers,DC=domain,DC=intern
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: 000448
instanceType: 4
whenCreated: 20170828065954.0Z
uSNCreated: 298066
networkAddress: 10.10.29.133
name: 000448
objectGUID: c08f5cfe-89cf-4e52-b60c-b6141e1ea52e
userAccountControl: 4096
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
primaryGroupID: 515
objectSid: S-1-5-21-1353050950-283723966-3038142339-4109
accountExpires: 9223372036854775807
sAMAccountName: 000448$
sAMAccountType: 805306369
operatingSystem: Mac OS X
operatingSystemVersion: 10.12.5
dNSHostName: 000448.domain.intern
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=domain,DC=intern
isCriticalSystemObject: FALSE
msDS-SupportedEncryptionTypes: 28
pwdLastSet: 131483771945439930
lastLogonTimestamp: 131483772098738750
servicePrincipalName: vnc/000448.domain.intern
servicePrincipalName: cifs/000448.domain.intern
servicePrincipalName: host/000448.domain.intern
servicePrincipalName: afpserver/000448.domain.intern
whenChanged: 20170828070010.0Z
uSNChanged: 298069
lastLogon: 131483776839469550
logonCount: 3
distinguishedName: CN=000448,CN=Computers,DC=domain,DC=intern
Running list-rejected gives the following output:
univention-s4connector-list-rejected
UCS rejected
S4 rejected
1: S4 DN: CN=000448,CN=Computers,DC=domain,DC=intern
UCS DN: <not found>
2: S4 DN: CN=000448,CN=Computers,DC=domain,DC=intern
UCS DN: <not found>
last synced USN: 6020303
New computers with the name N-000446 are created correctly, but authentication isn’t working. Users can’t log in on these new computers.
When joining a new mac to the domain, users are unable to authenticate now…
Is there a way to manage this kind of problem?
EDIT: It seems that these are two separate problems. The naming convention is the less problematic one. The problem is that newly imaged Macs can’t authenticate.