Need help joining Windows server 2008 R2 with UCS 4.2.0


#1

I need some assistance as I am trying to set up a UCS 4.2.0 backup DC to my Windows 2008 R2 AD and PDC but I get this message when I do univention-join:

root@ucsbkadc:/# univention-join
univention-join: joins a computer to an ucs domain
copyright © 2001-2017 Univention GmbH, Germany

Enter DC Master Account : administrator
Enter DC Master Password:

Search DC Master: done
Check DC Master:


* Join failed! *
* Contact your system administrator *

* Message: ssh-login for administrator@ucsbkadc.internal.mfed.gov.ki failed. Maybe you entered a wrong password.

When I use root as user I get this:

root@ucsbkadc:/# univention-join
univention-join: joins a computer to an ucs domain
copyright © 2001-2017 Univention GmbH, Germany

Enter DC Master Account : root
Enter DC Master Password:

Search DC Master: done
Check DC Master: done
Stop LDAP Server: done
Search ldap/base done
Start LDAP Server: done
Search LDAP binddn No such object (32)
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


* Join failed! *
* Contact your system administrator *

* Message: binddn for user root not found.

Can anybody assist me on this? If providing links to the solution of this, I will be eager to follow…

Thank you very much


#2

Hey,

the univention-join command is only used to join Univention servers into a Univention domain.

You seem to be a bit confused about the two different meanings of “domain” in the context of Univention servers. There are actually two different domain concepts at work: the Univention domain and the Active Directory domain. Unfortunately both use similar terms which leads to much confusion.

In the Univention domain context there are four server types: DC Master, DC Backup, DC Slave and member server. Each Univention domain consists of exactly one DC Master and any number of additional servers of any of the other three types. The command univention-join is used to join a DC Backup, DC Slave or member server to a Univention domain’s DC Master.

It is not used to join such a server to an Active Directory domain.

Each of these servers can but does not have to be a member of an Active Directory domain, too. If you want to join such a server to an Active Directory domain, then you need the app “Univention AD Connector”. Its configuration is usually done via the web frontend. Read more about that in the documentation. In such a setup you still have a UCS domain — in addition to the Active Directory domain. However, this also means that you need a UCS DC Master. Simply setting up a UCS DC Backup without a UCS DC Master won’t work.

Now for the most important part: a UCS-based server cannot be an Active Directory domain controller together with Windows-based AD domain controllers! Therefore what you originally tried to achieve is not really possible (or at least not supported) at the moment. If you have an AD with Windows-based domain controllers, then a UCS server can only act as an AD member server without domain controller properties.

Kind regards,
mosu
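
A pre-flight check for the distinction drawn in the reply above, as an added example that is not part of the thread and not Univention code. It assumes the UCS DC Master is published as the SRV record `_domaincontroller_master._tcp.<domain>`, that AD domain controllers appear under `_ldap._tcp.dc._msdcs.<domain>`, and that `ucr` and `host` are installed; the function names and verdict strings are made up for illustration. It also flags a master record that points back at the joining host, since the ssh-login message in the first log names the same host the command was run on.

```shell
#!/bin/sh
# Added example, not Univention code. Assumptions: the UCS DC Master is
# published as SRV _domaincontroller_master._tcp.<domain>, AD domain
# controllers as SRV _ldap._tcp.dc._msdcs.<domain>, and `ucr`/`host` exist.

# Print the target host names found in `host -t SRV` output on stdin.
srv_targets() {
    awk '/has SRV record/ { sub(/\.$/, "", $NF); print $NF }'
}

# join_path ROLE SELF_FQDN UCS_MASTER AD_DCS
# Prints one verdict; "univention-join" means that command is the right tool.
join_path() {
    role=$1; self=$2; ucs_master=$3; ad_dcs=$4
    case "$role" in
        domaincontroller_master)
            # The DC Master is what the other roles join to.
            echo "is-master"; return 0 ;;
        domaincontroller_backup|domaincontroller_slave|memberserver) ;;
        *)
            echo "unknown-role"; return 0 ;;
    esac
    if [ -z "$ucs_master" ]; then
        # No UCS DC Master: univention-join has nothing to join to,
        # even when Windows AD domain controllers are present.
        if [ -n "$ad_dcs" ]; then echo "ad-only-needs-ucs-master"
        else echo "no-domain-found"; fi
        return 0
    fi
    if [ "$ucs_master" = "$self" ]; then
        # The master record points at the host that is trying to join.
        echo "master-record-points-to-self"; return 0
    fi
    echo "univention-join"
}

# Live wrapper for a UCS host (defined only, not called here).
preflight() {
    domain=$(ucr get domainname)
    join_path "$(ucr get server/role)" "$(hostname -f)" \
        "$(host -t SRV "_domaincontroller_master._tcp.$domain" | srv_targets | head -n 1)" \
        "$(host -t SRV "_ldap._tcp.dc._msdcs.$domain" | srv_targets)"
}
```

Run `preflight` on the UCS host before `univention-join`; any verdict other than `univention-join` means the join would fail for a structural reason rather than a wrong password.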