Nextcloud - Ausführung der Join Skripte schlägt fehl

dmittner · August 27, 2019, 11:46am

Hallo,

UCS Version 4.4-1 errata241

FEHLER

UCS > Domäne > Domänenbeitritt > Status > 50nextcloud	ausstehend

Auszug aus Join Protokoll (Auszug Fehlermeldungen)

...
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Alle Fehlermeldungen

sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
...
Could not create LDAP Config at Nextcloud
EXITCODE=1

Pakete sudo und univention-sudo sind installiert.

Hier das komplette Join-Protokoll ...

univention-run-join-scripts started
Di 27. Aug 10:24:02 CEST 2019

univention-join-hooks: looking for hook type "join/pre-joinscripts" on server1.grundschule-gruental.intranet
Found hooks:
cn=ucsschool-join-hook.py,cn=data,cn=univention,dc=grundschule-gruental,dc=intranet
Running: ucsschool-join-hook.py (cn=ucsschool-join-hook.py,cn=data,cn=univention,dc=grundschule-gruental,dc=intranet) in /tmp/tmpNuhM6U/tmpxyo3mc
2019-08-27 10:24:04,210 ucsschool-join-hook: [INFO] ucsschool-join-hook.py has been started
2019-08-27 10:24:04,210 ucsschool-join-hook: [INFO] Connecting to LDAP as 'cn=admin,dc=grundschule-gruental,dc=intranet' ...
2019-08-27 10:24:04,642 ucsschool-join-hook: [INFO] Determined role packages: []
2019-08-27 10:24:04,642 ucsschool-join-hook: [INFO] Calling ['univention-app', 'info', '--as-json'] ...
2019-08-27 10:24:06,430 ucsschool-join-hook: [INFO] Installed packages: [u'cups=2.2.1', u'dhcp-server=12.0', u'pkgdb=11.0', u'radius=5.0', u'samba4=4.10', u'squid=3.5', u'ucsschool=4.4 v3', u'4.1/nextcloud=16.0.4-0']
2019-08-27 10:24:06,430 ucsschool-join-hook: [INFO] Is ucsschool already installed? True
2019-08-27 10:24:06,433 ucsschool-join-hook: [INFO] ucsschool-join-hook.py is done
RUNNING 00ucs-school-app-version-check.inst
EXITCODE=already_executed
RUNNING 01univention-ldap-server-init.inst
EXITCODE=already_executed
RUNNING 02univention-directory-notifier.inst
EXITCODE=already_executed
RUNNING 03univention-directory-listener.inst
EXITCODE=already_executed
RUNNING 04univention-ldap-client.inst
EXITCODE=already_executed
RUNNING 05univention-bind.inst
EXITCODE=already_executed
RUNNING 08univention-apache.inst
EXITCODE=already_executed
RUNNING 10univention-ldap-server.inst
EXITCODE=already_executed
RUNNING 11univention-heimdal-init.inst
EXITCODE=already_executed
RUNNING 11univention-pam.inst
EXITCODE=already_executed
RUNNING 15univention-directory-notifier-post.inst
EXITCODE=already_executed
RUNNING 15univention-heimdal-kdc.inst
EXITCODE=already_executed
RUNNING 18python-univention-directory-manager.inst
EXITCODE=already_executed
RUNNING 20univention-directory-policy.inst
EXITCODE=already_executed
RUNNING 20univention-join.inst
EXITCODE=already_executed
RUNNING 25univention-dhcp.inst
EXITCODE=already_executed
RUNNING 26univention-nagios-common.inst
EXITCODE=already_executed
RUNNING 30univention-appcenter.inst
EXITCODE=already_executed
RUNNING 30univention-nagios-client.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-s4-connector.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-samba.inst
EXITCODE=already_executed
RUNNING 33univention-portal.inst
EXITCODE=already_executed
RUNNING 34univention-management-console-server.inst
EXITCODE=already_executed
RUNNING 35ucs-school-import.inst
EXITCODE=already_executed
RUNNING 35ucs-school-umc-exam-master.inst
EXITCODE=already_executed
RUNNING 35ucs-school-umc-exam.inst
EXITCODE=already_executed
RUNNING 35ucs-school-umc-import.inst
EXITCODE=already_executed
RUNNING 35ucs-school-umc-installer.inst
EXITCODE=already_executed
RUNNING 35univention-appcenter-docker.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-appcenter.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-diagnostic.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ipchange.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-join.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-lib.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-mrtg.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-pkgdb.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-printers.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-quota.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-reboot.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-selective-udm.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-services.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-setup.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-sysinfo.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-top.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ucr.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-udm.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-updater.inst
EXITCODE=already_executed
RUNNING 35univention-nagios-cups.inst
EXITCODE=already_executed
RUNNING 35univention-nagios-squid.inst
EXITCODE=already_executed
RUNNING 35univention-server-overview.inst
EXITCODE=already_executed
RUNNING 36univention-management-console-module-apps.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-computerroom.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-distribution.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-groups.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-helpdesk.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-internetrules.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-lessontimes.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-lists.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-rooms.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-users.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-wizards.inst
EXITCODE=already_executed
RUNNING 40ucs-school-import-http-api.inst
EXITCODE=already_executed
RUNNING 40ucs-school-ucc-integration.inst
EXITCODE=already_executed
RUNNING 40univention-postgresql.inst
EXITCODE=already_executed
RUNNING 40univention-virtual-machine-manager-schema.inst
EXITCODE=already_executed
RUNNING 50nextcloud.inst
2019-08-27 10:24:12.534738002+02:00 (in joinscript_init)
Object exists: cn=services,cn=univention,dc=grundschule-gruental,dc=intranet
Object created: cn=Nextcloud,cn=services,cn=univention,dc=grundschule-gruental,dc=intranet
Object modified: cn=server1,cn=dc,cn=computers,dc=grundschule-gruental,dc=intranet
Create nextcloud/ucs/modifyUsersFilter
Create nextcloud/ucs/userEnabled
Create nextcloud/ucs/userQuota
Create nextcloud/ucs/debug
Create nextcloud/ldap/cacheTTL
Create nextcloud/ldap/homeFolderAttribute
Create nextcloud/ldap/userSearchAttributes
Create nextcloud/ldap/userDisplayName
Create nextcloud/ldap/groupDisplayName
Create nextcloud/ldap/base
Create nextcloud/ldap/baseUsers
Create nextcloud/ldap/baseGroups
Create nextcloud/ldap/filterLogin
Create nextcloud/ldap/filterUsers
Create nextcloud/ldap/filterGroups
Object exists: cn=ldapschema,cn=univention,dc=grundschule-gruental,dc=intranet
INFO: No change of core data of object nextcloud.
No modification: cn=nextcloud,cn=ldapschema,cn=univention,dc=grundschule-gruental,dc=intranet

Waiting for activation of the extension object nextcloud: OK
Object created: cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
Object created: cn=nextcloudUserEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
Object created: cn=nextcloudUserQuota,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
Object created: cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
Object exists: SAMLServiceProviderIdentifier=https://server1.grundschule-gruental.intranet/nextcloud/apps/user_saml/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=grundschule-gruental,dc=intranet

sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Could not create LDAP Config at Nextcloud
EXITCODE=1
e8fc9fca-de27-4e12-b9b7-855a24154919
RUNNING 50univention-pkgdb.inst
EXITCODE=already_executed
RUNNING 62ucs-school-singlemaster.inst
EXITCODE=already_executed
RUNNING 63ucs-school-portal-entry.inst
EXITCODE=already_executed
RUNNING 70ucsschool-ldap-acls-master.inst
EXITCODE=already_executed
RUNNING 79univention-printserver-pdf.inst
EXITCODE=already_executed
RUNNING 79univention-printserver.inst
EXITCODE=already_executed
RUNNING 79univention-squid.inst
EXITCODE=already_executed
RUNNING 80univention-radius.inst
EXITCODE=already_executed
RUNNING 81univention-nfs-server.inst
EXITCODE=already_executed
RUNNING 82univention-ucs-school-import-custom-attributes.inst
EXITCODE=already_executed
RUNNING 85italc-windows.inst
EXITCODE=already_executed
RUNNING 90univention-bind-post.inst
EXITCODE=already_executed
RUNNING 91univention-saml.inst
EXITCODE=already_executed
RUNNING 92univention-management-console-web-server.inst
EXITCODE=already_executed
RUNNING 96univention-samba4.inst
EXITCODE=already_executed
RUNNING 97univention-s4-connector.inst
EXITCODE=already_executed
RUNNING 98univention-pkgdb-tools.inst
EXITCODE=already_executed
RUNNING 98univention-samba4-dns.inst
EXITCODE=already_executed
RUNNING 98univention-samba4-saml-kerberos.inst
EXITCODE=already_executed
RUNNING 98univention-squid-samba4.inst
EXITCODE=already_executed
RUNNING 99ucs-school-netlogon-user-logonscripts.inst
EXITCODE=already_executed
RUNNING 99ucs-school-netlogon.inst
EXITCODE=already_executed
RUNNING 99ucs-school-umc-printermoderation.inst
EXITCODE=already_executed
RUNNING 99ucsschool-italc-key.inst
EXITCODE=already_executed
univention-join-hooks: looking for hook type "join/post-joinscripts" on server1.grundschule-gruental.intranet
Found hooks:

Di 27. Aug 10:24:40 CEST 2019
univention-run-join-scripts finished

Ausgabe von # udm settings/udm_syntax list

DN: cn=syntax.ucs-school-import,cn=udm_syntax,cn=univention,dc=grundschule-gruental,dc=intranet
  active: TRUE
  data: QlpoOTFBWSZTWVwnAY0AAQNfgAAwXu+AEw0Djgu///9wQAIbc0dAhokjajeqaPUe1Jp6mjTQBoMgARTyI09EhoekGjEaNDCYRiBiminqAA0aAaAaDQNACRQIENGgNBGp6g9RmoDTyEAgEAbGZG7XspLa5gzGoaIMx00s2E1iin0D7T9B8RHN2AwqaTyyYAGlZehZAw1CZkSAUhGEqkxw8muWk3uW/QS7EPa/vKbnkRW2NsMu0K5HEPtl807yfnAOQZpl1p8phQCddDf6wVbRMM9aqQo9PXI12gJwJmMk/RzXoooMpQnKV9zmYOGp00QHvEjt9uERMPzpxUdQWp/pG5lnY8SPOWv+aAvC6cPdpjyDq9Cng/qaX/kG/muTcd62cUaVTqG5RYMgPDyirA9/ZXkbNVIYbI65Ee++VCU+5WRmeEQ5lCrbLoWhZdA2G+JiF1ugRokIxr7VfpCCgU1Z9WhdMJQHmRUK7C+RDLDEM4WXJEtl25Gse1GOfAuRcmyRJdc6MDZWXLiWlqwRzIxZU4Xpqdcl5TCROiKQSg5ODTTWGMVbYOH4gEURrVXUgEF0uzJbjboojim861oyJDCgnQML81up6Wg4aAW8JXvPun86KqIqg5QCTt0DPRWymtQTQ5F6y4yzcg25MQ2BjKMOH3nVY3RlcSR0LyKpYXyvC+ZW6gayc3OSmFtfDZ5aHKHlkdSINsMtphuACdZwEEIgaMlxihpfxdyRThQkFwnAY0A=
  filename: syntax.ucs-school-import.py
  name: syntax.ucs-school-import
  package: ucs-school-import-schema
  packageversion: 17.0.6-22A~4.4.0.201906181039
  ucsversionend: None
  ucsversionstart: None

DN: cn=app_syntax,cn=udm_syntax,cn=univention,dc=grundschule-gruental,dc=intranet
  active: TRUE
  data: QlpoOTFBWSZTWaJ1JcoAAJrfgAAwSHf8fT/v36A//9/gUAPZbWCxrbRWMEkU0NBGhomyRpkmaTNRtJ5IaMnojaglCGU0yI1QenpTahpo9QMhoAGQ0BiETJMTTEU9T1Mho9QA9TQ0DQ9Q0HMABMmABMJgmEMARgA5gAJkwAJhMEwhgCMAIAo5A9pR53dvMa3ZDWup9F2DA3s3yb5udAk8/ziaATHBDGXKyOXWetF7JJJc3F1XrEEJRcVYY1hHlGzZh9lmrjNsjJ2fuSr7Lzsnmx1f3KWssSxQhwml7HeoqqIcl8cvx3HocaX3z22nyXo0NXpagP0vxK2zuavsXnlNVuut83EIY3MHWcboZYK7wsB+r8OCGYG2gsEBVEowmgu/oXHbhFabpXl5gA15ZYce1seBu5Hd5GcN0Fjm3R7mpoj5atcyOV7g+S8id0nvpx+Bw3yHFaO+R/LaqF1qrSXd9BhbxZPv8ZNXt7UigkcG1k9x6wW7+ce5QNJzCdfphVgwe/rmPW3jmnD3OYLbYK5gpwHuk2IzldN8cnwPQF7hZVJ4YpDLoaaWcmvtoYeGIwPIkxRZTIi4ZEto63+ebYH1JeXTNMvjQOD1hrliEqYW5vSElUBcOxWBGYmG7ZaryEpIy952KGszQUVCGrExMhOxJdqOeKLqbHqBX40YoZsGQIWuN9gpaZTDzRcBBqUy4u2tER2Z7Y72+x5oSW9RDDbXdjL1o3W1YOLwO6LV/ha19b1jLapIHVZ6FspGTF7Wyoq+k2A9IQLghHxi0SIsyZeinK8rKOGN2duKy35mRgwLSoWRysuhU0Qvn0Ch6Zg1iLtihAHyoOj0BGHbce6Ls0Nxz3NyKG1GjfCRPa3BnAXlDqpwvpogirLmrsRbzGuOJvvEZDuLskcinVS+U2UHejQEjqPX+eeSFMddbsSMFIJpOvI2rMCXCdCPabNgUxaglJSYQ7QWJYBgmChPBQfciCIkFKB9xMAPPrjIKlZ1gym2oXz6ZwniDhGNCWNhOy1fQXUZzVNuaaydnapU9vOlZG3w6maNFx5NZh2PMdBWYBbUws8/OZANYnE2FKbScHoQ6CSKoiwPEamOYGCHiF1iFfAMpvKlRcIjBGALgrTqG9SlCW0HchSr8ZGZ5bXV0ILD25Jx6SBcZY2lFSgvdYiZpOl3PPZ9BSKomdCYcAXLwYJolbSbF9pixRM4RFib1wEzgRrEYsAYKDUCa0VBTASiWbaSqdCWwU7+UsgVzqS2wIfnya4Oze7jTqdOr8tAUrsWBExYPUNHCQDC0UB20NdSpsdwMwbS0Ccf8XckU4UJCidSXKA=
  filename: app_syntax.py
  name: app_syntax
  package: univention-appcenter
  packageversion: 8.0.11-3A~4.4.0.201903111012
  ucsversionend: None
  ucsversionstart: None

Ausgabe von # univention-directory-listener-ctrl status

univention-directory-listener-ctrl status
Listener status:
 run: univention-directory-listener: (pid 14342) 14855s, normally down

Current Notifier ID on "server1.grundschule-gruental.intranet"
 14961

Last Notifier ID processed by local Listener:
 14961

Last transaction processed:
 14961 cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet m

Modules:
3	app_attributes	/usr/lib/univention-directory-listener/system/app_attributes.py
3	bind	/usr/lib/univention-directory-listener/system/bind.py
3	cups-pdf	/usr/lib/univention-directory-listener/system/cups-pdf.py
3	cups-printers	/usr/lib/univention-directory-listener/system/cups-printers.py
3	dhcp	/usr/lib/univention-directory-listener/system/dhcp.py
3	faillog	/usr/lib/univention-directory-listener/system/faillog.py
3	gencertificate	/usr/lib/univention-directory-listener/system/gencertificate.py
3	hosteddomains	/usr/lib/univention-directory-listener/system/hosteddomains.py
3	keytab-member	/usr/lib/univention-directory-listener/system/keytab-member.py
3	keytab	/usr/lib/univention-directory-listener/system/keytab.py
3	ldap_extension	/usr/lib/univention-directory-listener/system/ldap_extension.py
3	ldap_server	/usr/lib/univention-directory-listener/system/ldap_server.py
3	license_uuid	/usr/lib/univention-directory-listener/system/license_uuid.py
3	nagios-client	/usr/lib/univention-directory-listener/system/nagios-client.py
3	nfs-homes	/usr/lib/univention-directory-listener/system/nfs-homes.py
3	nfs-shares	/usr/lib/univention-directory-listener/system/nfs-shares.py
3	nscd_update	/usr/lib/univention-directory-listener/system/nscd.py
3	nss	/usr/lib/univention-directory-listener/system/nss.py
3	pkgdb	/usr/lib/univention-directory-listener/system/pkgdb.py
3	pkgdb-watch	/usr/lib/univention-directory-listener/system/pkgdb-watch.py
3	portal_groups	/usr/lib/univention-directory-listener/system/portal_groups.py
3	portal_server	/usr/lib/univention-directory-listener/system/portal_server.py
3	pupilgroups	/usr/lib/univention-directory-listener/system/pupilgroups.py
3	quota	/usr/lib/univention-directory-listener/system/quota.py
3	remove-old-homedirs	/usr/lib/univention-directory-listener/system/remove-old-homedirs.py
3	remove-old-sharedirs	/usr/lib/univention-directory-listener/system/remove-old-sharedirs.py
3	s4-connector	/usr/lib/univention-directory-listener/system/s4-connector.py
3	samba4-idmap	/usr/lib/univention-directory-listener/system/samba4-idmap.py
3	samba-shares	/usr/lib/univention-directory-listener/system/samba-shares.py
3	ucs-school-user-logonscript	/usr/lib/univention-directory-listener/system/ucs-school-user-logonscript.py
3	udm_extension	/usr/lib/univention-directory-listener/system/udm_extension.py
3	umc-service-providers	/usr/lib/univention-directory-listener/system/umc-service-providers.py
3	univention-admin-diary-backend	/usr/lib/univention-directory-listener/system/univention-admin-diary-backend.py
3	univention-radius	/usr/lib/univention-directory-listener/system/univention-radius.py
3	univention-saml-idp-config	/usr/lib/univention-directory-listener/system/univention-saml-idp-config.py
3	univention-saml-servers	/usr/lib/univention-directory-listener/system/univention-saml-servers.py
3	univention-saml-simplesamlphp-configuration	/usr/lib/univention-directory-listener/system/univention-saml-simplesamlphp-configuration.py
3	well-known-sid-name-mapping	/usr/lib/univention-directory-listener/system/well-known-sid-name-mapping.py

Ausgabe von # ls -alh /var/lib/univention-ldap/listener/listener

-rw-r--r-- 1 listener root 0 Aug 27 11:28 /var/lib/univention-ldap/listener/listener

Was übersehe ich hier ?

Vielen Dank für ev. Hilfe !

boospy · September 6, 2019, 11:36pm

Wird der Join viel. mit einem Benutzer vollzogen der nicht den vollen Zugriff auf das Directory hat? Was sind denn die Rechte von “/etc/sudoers” ? Hier sieht es so aus:
-r--r----- 1 root root 669 Jun 5 2017 /etc/sudoers

dmittner · September 9, 2019, 11:22am

Hallo boospy,

diese hatte ich schon modifiziert.
Aktuell sieht sie so aus:

# ll /etc/sudowers
-r--r--r-- 1 root root 671 Sep 2 14:23 /etc/sudoers

Wenn ich das richtig verstehe pflegt univention eine eigene sudoers-Datei … (?)

# cat /etc/sudoers.d/univention
...
# Allow members of group "Domain Admins" to execute any command
%Domain\ Admins ALL=(ALL:ALL) ALL

Da im Join.log Bezug genommen wird auf die /etc/sudoers
habe ich Letztere einmal umbenannt und einen sybolischen Link auf diese erstellt.

# ln -s /etc/sudoers.d/univention /etc/sudoers

Das hat nicht geholfen.
Inzwischen habe ich den sybolischen Link wieder entfernt.

boospy · September 10, 2019, 12:15am

Weis ich auf die Schnelle jetzt leider auch keine Lösung. Hmm… event. schreib mal den Administrator direkt in die sudoers rein. Event. umgeht das dein Problem.
Als zweiten Versuch als Workaround könntest du auch mal ein “chmod 777 /etc/sudoers”. Dann natürlich wieder zurück stellen.

Wichtig wäre es natürlich die egentliche Ursache zu finden.

dmittner · September 10, 2019, 9:46am

Gut …
zwischenzeitlich sah meine /etc/sudoers so aus:

# cat /etc/sudoers


# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults	env_reset
Defaults	mail_badpass
Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification


# User privilege specification
root	ALL=(ALL:ALL) ALL
administrator	ALL=(ALL:ALL) ALL


# Allow members of group sudo to execute any command
%sudo	ALL=(ALL:ALL) ALL


# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

mit diesen Rechten:
-rwxrwxrwx 1 root root 702 Sep 10 10:28 /etc/sudoers

Zusätzlich über die Direktive

#includedir /etc/sudoers.d

werden ja auch die Domain-Administratoren mit einbezogen …

# cat /etc/sudoers.d/univention

# Warning: This file is auto-generated and might be overwritten by
#          univention-config-registry.
#          Please edit the following file(s) instead:
# Warnung: Diese Datei wurde automatisch generiert und kann durch
#          univention-config-registry ueberschrieben werden.
#          Bitte bearbeiten Sie an Stelle dessen die folgende(n) Datei(en):
# 
# 	/etc/univention/templates/files/etc/sudoers.d/univention
# 

# Allow members of group "Domain Admins" to execute any command
%Domain\ Admins ALL=(ALL:ALL) ALL

Dazu …

das letzte Join.log

univention-run-join-scripts started
Di 10. Sep 11:16:32 CEST 2019

univention-join-hooks: looking for hook type “join/pre-joinscripts” on server1.grundschule-gruental.intranet
Found hooks:
cn=ucsschool-join-hook.py,cn=data,cn=univention,dc=grundschule-gruental,dc=intranet
Running: ucsschool-join-hook.py (cn=ucsschool-join-hook.py,cn=data,cn=univention,dc=grundschule-gruental,dc=intranet) in /tmp/tmpAQVyTm/tmpBz2uN2
2019-09-10 11:16:33,936 ucsschool-join-hook: [INFO] ucsschool-join-hook.py has been started
2019-09-10 11:16:33,936 ucsschool-join-hook: [INFO] Connecting to LDAP as ‘cn=admin,dc=grundschule-gruental,dc=intranet’ …
2019-09-10 11:16:34,424 ucsschool-join-hook: [INFO] Determined role packages: []
2019-09-10 11:16:34,424 ucsschool-join-hook: [INFO] Calling [‘univention-app’, ‘info’, ‘–as-json’] …
2019-09-10 11:16:36,282 ucsschool-join-hook: [INFO] Installed packages: [u’cups=2.2.1’, u’dhcp-server=12.0’, u’pkgdb=11.0’, u’radius=5.0’, u’samba4=4.10’, u’squid=3.5’, u’ucsschool=4.4 v3’, u’4.1/nextcloud=16.0.4-0’]
2019-09-10 11:16:36,283 ucsschool-join-hook: [INFO] Is ucsschool already installed? True
2019-09-10 11:16:36,286 ucsschool-join-hook: [INFO] ucsschool-join-hook.py is done
RUNNING 50nextcloud.inst
2019-09-10 11:16:40.575601742+02:00 (in joinscript_init)
Object exists: cn=services,cn=univention,dc=grundschule-gruental,dc=intranet
Object exists: cn=Nextcloud,cn=services,cn=univention,dc=grundschule-gruental,dc=intranet
WARNING: cannot append Nextcloud to service, value exists
No modification: cn=server1,cn=dc,cn=computers,dc=grundschule-gruental,dc=intranet
Not updating nextcloud/ucs/modifyUsersFilter
Not updating nextcloud/ucs/userEnabled
Not updating nextcloud/ucs/userQuota
Not updating nextcloud/ucs/debug
Not updating nextcloud/ldap/cacheTTL
Not updating nextcloud/ldap/homeFolderAttribute
Not updating nextcloud/ldap/userSearchAttributes
Not updating nextcloud/ldap/userDisplayName
Not updating nextcloud/ldap/groupDisplayName
Not updating nextcloud/ldap/base
Not updating nextcloud/ldap/baseUsers
Not updating nextcloud/ldap/baseGroups
Not updating nextcloud/ldap/filterLogin
Not updating nextcloud/ldap/filterUsers
Not updating nextcloud/ldap/filterGroups
Object exists: cn=ldapschema,cn=univention,dc=grundschule-gruental,dc=intranet
INFO: No change of core data of object nextcloud.
No modification: cn=nextcloud,cn=ldapschema,cn=univention,dc=grundschule-gruental,dc=intranet

Waiting for activation of the extension object nextcloud: OK
Object exists: cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
E: Object exists: cn=nextcloudUserEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
No modification: cn=nextcloudUserEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
E: Object exists: cn=nextcloudUserQuota,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
No modification: cn=nextcloudUserQuota,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
E: Object exists: cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
No modification: cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
Object exists: SAMLServiceProviderIdentifier=https://server1.grundschule-gruental.intranet/nextcloud/apps/user_saml/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=grundschule-gruental,dc=intranet
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
Could not create LDAP Config at Nextcloud
EXITCODE=1
3f1e8586-7f5f-4443-a0a6-135d0620bdd3
univention-join-hooks: looking for hook type “join/post-joinscripts” on server1.grundschule-gruental.intranet
Found hooks:

Di 10. Sep 11:16:58 CEST 2019
univention-run-join-scripts finished

Könnte dies noch ein Anhaltspunkt sein ?
…

2019-09-10 11:16:33,936 ucsschool-join-hook: [INFO] Connecting to LDAP as 'cn=admin,dc=grundschule-gruental,dc=intranet' ...
2019-09-10 11:16:34,424 ucsschool-join-hook: [INFO] Determined role packages: []

Abschließend;
es taucht im Log immer wieder diese Meldung auf:

cp: der Aufruf von stat für '' ist nicht möglich: Datei oder Verzeichnis nicht gefunden

Wird hier ev. etwas Existenzielles vermisst?

Nun, ich deinstalliere noch einmal alles komplett, einschl. Bereinigung
und versuche es nach aktuellen Updates noch einmal.

Danke!

dmittner · September 11, 2019, 5:58am

Update

Die momentan installierte Version ist 4.4-1 errata251.
Es sind keine Paket-Aktualisierungen verfügbar.
Es sind keine App Center-Aktualisierungen verfügbar.

Auch nach nun mehreren Updates und erweiterten Berechtigungen besteht der Fehler weiter …

Join-Fehler

Letzte Join.log

cp: der Aufruf von stat für ‘’ ist nicht möglich: Datei oder Verzeichnis nicht gefunden

univention-run-join-scripts started
Di 10. Sep 13:34:16 CEST 2019

univention-join-hooks: looking for hook type “join/pre-joinscripts” on server1.grundschule-gruental.intranet
Found hooks:
cn=ucsschool-join-hook.py,cn=data,cn=univention,dc=grundschule-gruental,dc=intranet
Running: ucsschool-join-hook.py (cn=ucsschool-join-hook.py,cn=data,cn=univention,dc=grundschule-gruental,dc=intranet) in /tmp/tmp1yb2vJ/tmpoMnoOv
2019-09-10 13:34:17,683 ucsschool-join-hook: [INFO] ucsschool-join-hook.py has been started
2019-09-10 13:34:17,683 ucsschool-join-hook: [INFO] Connecting to LDAP as ‘cn=admin,dc=grundschule-gruental,dc=intranet’ …
2019-09-10 13:34:18,118 ucsschool-join-hook: [INFO] Determined role packages: []
2019-09-10 13:34:18,119 ucsschool-join-hook: [INFO] Calling [‘univention-app’, ‘info’, ‘–as-json’] …
2019-09-10 13:34:19,965 ucsschool-join-hook: [INFO] Installed packages: [u’cups=2.2.1’, u’dhcp-server=12.0’, u’pkgdb=11.0’, u’radius=5.0’, u’samba4=4.10’, u’squid=3.5’, u’ucsschool=4.4 v3’, u’4.1/nextcloud=16.0.4-0’]
2019-09-10 13:34:19,966 ucsschool-join-hook: [INFO] Is ucsschool already installed? True
2019-09-10 13:34:19,968 ucsschool-join-hook: [INFO] ucsschool-join-hook.py is done
RUNNING 00ucs-school-app-version-check.inst
EXITCODE=already_executed
RUNNING 01univention-ldap-server-init.inst
EXITCODE=already_executed
RUNNING 02univention-directory-notifier.inst
EXITCODE=already_executed
RUNNING 03univention-directory-listener.inst
EXITCODE=already_executed
RUNNING 04univention-ldap-client.inst
EXITCODE=already_executed
RUNNING 05univention-bind.inst
EXITCODE=already_executed
RUNNING 08univention-apache.inst
EXITCODE=already_executed
RUNNING 10univention-ldap-server.inst
EXITCODE=already_executed
RUNNING 11univention-heimdal-init.inst
EXITCODE=already_executed
RUNNING 11univention-pam.inst
EXITCODE=already_executed
RUNNING 15univention-directory-notifier-post.inst
EXITCODE=already_executed
RUNNING 15univention-heimdal-kdc.inst
EXITCODE=already_executed
RUNNING 18python-univention-directory-manager.inst
EXITCODE=already_executed
RUNNING 20univention-directory-policy.inst
EXITCODE=already_executed
RUNNING 20univention-join.inst
EXITCODE=already_executed
RUNNING 25univention-dhcp.inst
EXITCODE=already_executed
RUNNING 26univention-nagios-common.inst
EXITCODE=already_executed
RUNNING 30univention-appcenter.inst
EXITCODE=already_executed
RUNNING 30univention-nagios-client.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-s4-connector.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-samba.inst
EXITCODE=already_executed
RUNNING 33univention-portal.inst
EXITCODE=already_executed
RUNNING 34univention-management-console-server.inst
EXITCODE=already_executed
RUNNING 35ucs-school-import.inst
EXITCODE=already_executed
RUNNING 35ucs-school-umc-exam-master.inst
EXITCODE=already_executed
RUNNING 35ucs-school-umc-exam.inst
EXITCODE=already_executed
RUNNING 35ucs-school-umc-import.inst
EXITCODE=already_executed
RUNNING 35ucs-school-umc-installer.inst
EXITCODE=already_executed
RUNNING 35univention-appcenter-docker.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-appcenter.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-diagnostic.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ipchange.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-join.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-lib.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-mrtg.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-pkgdb.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-printers.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-quota.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-reboot.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-selective-udm.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-services.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-setup.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-sysinfo.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-top.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ucr.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-udm.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-updater.inst
EXITCODE=already_executed
RUNNING 35univention-nagios-cups.inst
EXITCODE=already_executed
RUNNING 35univention-nagios-squid.inst
EXITCODE=already_executed
RUNNING 35univention-server-overview.inst
EXITCODE=already_executed
RUNNING 36univention-management-console-module-apps.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-computerroom.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-distribution.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-groups.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-helpdesk.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-internetrules.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-lessontimes.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-lists.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-rooms.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-users.inst
EXITCODE=already_executed
RUNNING 38ucs-school-umc-wizards.inst
EXITCODE=already_executed
RUNNING 40ucs-school-import-http-api.inst
EXITCODE=already_executed
RUNNING 40ucs-school-ucc-integration.inst
EXITCODE=already_executed
RUNNING 40univention-postgresql.inst
EXITCODE=already_executed
RUNNING 40univention-virtual-machine-manager-schema.inst
EXITCODE=already_executed
RUNNING 50nextcloud.inst
2019-09-10 13:34:26.037628555+02:00 (in joinscript_init)
Object exists: cn=services,cn=univention,dc=grundschule-gruental,dc=intranet
Object created: cn=Nextcloud,cn=services,cn=univention,dc=grundschule-gruental,dc=intranet
Object modified: cn=server1,cn=dc,cn=computers,dc=grundschule-gruental,dc=intranet
Create nextcloud/ucs/modifyUsersFilter
Create nextcloud/ucs/userEnabled
Create nextcloud/ucs/userQuota
Create nextcloud/ucs/debug
Create nextcloud/ldap/cacheTTL
Create nextcloud/ldap/homeFolderAttribute
Create nextcloud/ldap/userSearchAttributes
Create nextcloud/ldap/userDisplayName
Create nextcloud/ldap/groupDisplayName
Create nextcloud/ldap/base
Create nextcloud/ldap/baseUsers
Create nextcloud/ldap/baseGroups
Create nextcloud/ldap/filterLogin
Create nextcloud/ldap/filterUsers
Create nextcloud/ldap/filterGroups
Object exists: cn=ldapschema,cn=univention,dc=grundschule-gruental,dc=intranet
INFO: No change of core data of object nextcloud.
No modification: cn=nextcloud,cn=ldapschema,cn=univention,dc=grundschule-gruental,dc=intranet

Waiting for activation of the extension object nextcloud: OK
Object created: cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
Object created: cn=nextcloudUserEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
Object created: cn=nextcloudUserQuota,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
Object created: cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=grundschule-gruental,dc=intranet
Object exists: SAMLServiceProviderIdentifier=https://server1.grundschule-gruental.intranet/nextcloud/apps/user_saml/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=grundschule-gruental,dc=intranet
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
sudo: unable to stat /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
Could not create LDAP Config at Nextcloud
EXITCODE=1
d8d75d41-0c7c-4301-9fe4-8c653394e53c
RUNNING 50univention-pkgdb.inst
EXITCODE=already_executed
RUNNING 62ucs-school-singlemaster.inst
EXITCODE=already_executed
RUNNING 63ucs-school-portal-entry.inst
EXITCODE=already_executed
RUNNING 70ucsschool-ldap-acls-master.inst
EXITCODE=already_executed
RUNNING 79univention-printserver-pdf.inst
EXITCODE=already_executed
RUNNING 79univention-printserver.inst
EXITCODE=already_executed
RUNNING 79univention-squid.inst
EXITCODE=already_executed
RUNNING 80univention-radius.inst
EXITCODE=already_executed
RUNNING 81univention-nfs-server.inst
EXITCODE=already_executed
RUNNING 82univention-ucs-school-import-custom-attributes.inst
EXITCODE=already_executed
RUNNING 85italc-windows.inst
EXITCODE=already_executed
RUNNING 90univention-bind-post.inst
EXITCODE=already_executed
RUNNING 91univention-saml.inst
EXITCODE=already_executed
RUNNING 92univention-management-console-web-server.inst
EXITCODE=already_executed
RUNNING 96univention-samba4.inst
EXITCODE=already_executed
RUNNING 97univention-s4-connector.inst
EXITCODE=already_executed
RUNNING 98univention-pkgdb-tools.inst
EXITCODE=already_executed
RUNNING 98univention-samba4-dns.inst
EXITCODE=already_executed
RUNNING 98univention-samba4-saml-kerberos.inst
EXITCODE=already_executed
RUNNING 98univention-squid-samba4.inst
EXITCODE=already_executed
RUNNING 99ucs-school-netlogon-user-logonscripts.inst
EXITCODE=already_executed
RUNNING 99ucs-school-netlogon.inst
EXITCODE=already_executed
RUNNING 99ucs-school-umc-printermoderation.inst
EXITCODE=already_executed
RUNNING 99ucsschool-italc-key.inst
EXITCODE=already_executed
univention-join-hooks: looking for hook type “join/post-joinscripts” on server1.grundschule-gruental.intranet
Found hooks:

Di 10. Sep 13:34:53 CEST 2019
univention-run-join-scripts finished

:-???

matthias.koerner · September 12, 2019, 5:51pm

Could not create LDAP Config at Nextcloud

Ich hatte diese Meldung neulich auch. Bei mir lag es daran, dass die Let’s Encrypt-Domains und Zertifikate sich nicht mit dem Join-Script vertragen haben. Ich habe:

Let’s Encrypt deinstalliert
Nexcloud-Container deinstalliert
alle Verweise aus der lokalen Config gelöscht
Nextcloud via Appcenter installiert
Let’s Encrypt installiert
Domains wieder in Let’s Encrypt eingetragen

Hat zwar nicht viel zu tun mit sudo, aber die Fehlermeldung mit der nicht erstellbaren LDAP-Config in Nextcloud ist gleich. Vielleicht wäre das auch eine Betrachtung wert und die sudo-Fehlermeldung ist ein Holzweg.

dmittner · September 12, 2019, 6:31pm

Danke für Deine Hinweise Matthias.

Let’s Encrypt (und Zertifikate) habe ich nicht installiert,
da ich dies für den nur im Intranet stehenden Server bisher nicht für erforderlich hielt.
Da
Could not create LDAP Config at Nextcloud
erst nach dem Sudo-Fehlern auftaucht, bin ich auf diesen Gedanken nicht gekommen,
bzw. halte dies für eine Folge-Fehlermeldung …

matthias.koerner · September 13, 2019, 8:05am

Kein Ding, hätte ja auch was in der Richtung sein können.
Hast du mal “System --> Systemdiagnose” auf allen Servern laufen lassen? Gibt es da evtl. Fehler?

dmittner · September 13, 2019, 10:14am

Ja, Letzteres habe ich auch mal ausgeführt > keine Fehler :-!

cpzengel · July 29, 2021, 1:48pm

Das Problem kommt so weit ich weiss bei AD Members, gibts da ne Lösung?