No RID Pool for Slave DC

Hey, I’ve been trying to join a slave server to my domain and have ran into an issue during the join and believe it’s due to the fact that there has been no RID Pool allocated for the slave on the master.

Servers involved:

  1. ucs-master: Univention DC Master 4.3-0 (Has RID Master Role)
  2. mrucs: Univention DC Slave 4.3-0
  3. pnucs: Univention DC Slave 4.3-0

On the slave (pnucs), I’ve ran univention-run-join-scripts with the following output:

Search LDAP binddn                                         done
Running 01univention-ldap-server-init.inst                 skipped (already executed)
Running 03univention-directory-listener.inst               skipped (already executed)
Running 04univention-ldap-client.inst                      skipped (already executed)
Running 05univention-bind.inst                             skipped (already executed)
Running 08univention-apache.inst                           skipped (already executed)
Running 10univention-ldap-server.inst                      skipped (already executed)
Running 11univention-heimdal-init.inst                     skipped (already executed)
Running 11univention-pam.inst                              skipped (already executed)
Running 15univention-heimdal-kdc.inst                      skipped (already executed)
Running 18python-univention-directory-manager.inst         skipped (already executed)
Running 20univention-directory-policy.inst                 skipped (already executed)
Running 20univention-join.inst                             skipped (already executed)
Running 26univention-nagios-common.inst                    skipped (already executed)
Running 30univention-appcenter.inst                        skipped (already executed)
Running 30univention-nagios-client.inst                    skipped (already executed)
Running 31univention-nagios-s4-connector.inst              skipped (already executed)
Running 31univention-nagios-samba.inst                     skipped (already executed)
Running 33univention-portal.inst                           skipped (already executed)
Running 34univention-management-console-server.inst        skipped (already executed)
Running 35univention-appcenter-docker.inst                 skipped (already executed)
Running 35univention-management-console-module-appcenter.inskipped (already executed)
Running 35univention-management-console-module-diagnostic.iskipped (already executed)
Running 35univention-management-console-module-join.inst   skipped (already executed)
Running 35univention-management-console-module-lib.inst    skipped (already executed)
Running 35univention-management-console-module-mrtg.inst   skipped (already executed)
Running 35univention-management-console-module-printers.insskipped (already executed)
Running 35univention-management-console-module-quota.inst  skipped (already executed)
Running 35univention-management-console-module-reboot.inst skipped (already executed)
Running 35univention-management-console-module-services.insskipped (already executed)
Running 35univention-management-console-module-setup.inst  skipped (already executed)
Running 35univention-management-console-module-sysinfo.instskipped (already executed)
Running 35univention-management-console-module-top.inst    skipped (already executed)
Running 35univention-management-console-module-ucr.inst    skipped (already executed)
Running 35univention-management-console-module-updater.instskipped (already executed)
Running 35univention-nagios-cups.inst                      skipped (already executed)
Running 36univention-management-console-module-apps.inst   skipped (already executed)
Running 40univention-virtual-machine-manager-schema.inst   skipped (already executed)
Running 79univention-printserver.inst                      skipped (already executed)
Running 81univention-nfs-server.inst                       skipped (already executed)
Running 90univention-bind-post.inst                        skipped (already executed)
Running 92univention-management-console-web-server.inst    skipped (already executed)
Running 96univention-samba4.inst                           skipped (already executed)
Running 97univention-s4-connector.inst                     skipped (already executed)
Running 98univention-pkgdb-tools.inst                      skipped (already executed)
Running 98univention-samba4-dns.inst                       failed (exitcode: 1)
Running 98univention-samba4-saml-kerberos.inst             skipped (already executed)

The log /var/log/univention/join.log shows this near the end:

univention-run-join-scripts started
Mon Jul 16 13:58:19 PDT 2018

RUNNING 01univention-ldap-server-init.inst
EXITCODE=already_executed
RUNNING 03univention-directory-listener.inst
EXITCODE=already_executed
RUNNING 04univention-ldap-client.inst
EXITCODE=already_executed
RUNNING 05univention-bind.inst
EXITCODE=already_executed
RUNNING 08univention-apache.inst
EXITCODE=already_executed
RUNNING 10univention-ldap-server.inst
EXITCODE=already_executed
RUNNING 11univention-heimdal-init.inst
EXITCODE=already_executed
RUNNING 11univention-pam.inst
EXITCODE=already_executed
RUNNING 15univention-heimdal-kdc.inst
EXITCODE=already_executed
RUNNING 18python-univention-directory-manager.inst
EXITCODE=already_executed
RUNNING 20univention-directory-policy.inst
EXITCODE=already_executed
RUNNING 20univention-join.inst
EXITCODE=already_executed
RUNNING 26univention-nagios-common.inst
EXITCODE=already_executed
RUNNING 30univention-appcenter.inst
EXITCODE=already_executed
RUNNING 30univention-nagios-client.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-s4-connector.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-samba.inst
EXITCODE=already_executed
RUNNING 33univention-portal.inst
EXITCODE=already_executed
RUNNING 34univention-management-console-server.inst
EXITCODE=already_executed
RUNNING 35univention-appcenter-docker.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-appcenter.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-diagnostic.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-join.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-lib.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-mrtg.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-printers.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-quota.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-reboot.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-services.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-setup.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-sysinfo.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-top.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ucr.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-updater.inst
EXITCODE=already_executed
RUNNING 35univention-nagios-cups.inst
EXITCODE=already_executed
RUNNING 36univention-management-console-module-apps.inst
EXITCODE=already_executed
RUNNING 40univention-virtual-machine-manager-schema.inst
EXITCODE=already_executed
RUNNING 79univention-printserver.inst
EXITCODE=already_executed
RUNNING 81univention-nfs-server.inst
EXITCODE=already_executed
RUNNING 90univention-bind-post.inst
EXITCODE=already_executed
RUNNING 92univention-management-console-web-server.inst
EXITCODE=already_executed
RUNNING 96univention-samba4.inst
EXITCODE=already_executed
RUNNING 97univention-s4-connector.inst
EXITCODE=already_executed
RUNNING 98univention-pkgdb-tools.inst
EXITCODE=already_executed
RUNNING 98univention-samba4-dns.inst
2018-07-16 13:58:32.551136670-07:00 (in joinscript_init)
Waiting for RID Pool replication: ...................................................................................................................................................................................
Error no rIDSetReferences replicated for pnucs
EXITCODE=1
RUNNING 98univention-samba4-saml-kerberos.inst
EXITCODE=already_executed

Mon Jul 16 14:03:46 PDT 2018
univention-run-join-scripts finished

On the ucs-master, I check for allocated RID sets with the following command ldbsearch -H /var/lib/samba/private/sam.ldb CN=“RID Set”:

# record 1
dn: CN=RID Set,CN=UCS-MASTER,OU=Domain Controllers,DC=int,DC=exampledomain,DC=net
objectClass: top
objectClass: rIDSet
cn: RID Set
instanceType: 4
whenCreated: 20180201013255.0Z
uSNCreated: 3586
showInAdvancedViewOnly: TRUE
name: RID Set
objectGUID: 6aaa35db-bbdc-4323-8063-95f35f8995ca
objectCategory: CN=RID-Set,CN=Schema,CN=Configuration,DC=int,DC=exampledomain,DC=net
rIDAllocationPool: 1600-2099
rIDPreviousAllocationPool: 1600-2099
rIDUsedPool: 1
whenChanged: 20180405001834.0Z
uSNChanged: 8728
rIDNextRID: 1710
distinguishedName: CN=RID Set,CN=UCS-MASTER,OU=Domain Controllers,DC=int,DC=exampledomain,DC=net

# record 2
dn: CN=RID Set,CN=MRUCS,OU=Domain Controllers,DC=int,DC=exampledomain,DC=net
objectClass: top
objectClass: rIDSet
cn: RID Set
instanceType: 4
whenCreated: 20180628002749.0Z
whenChanged: 20180628002749.0Z
uSNCreated: 16817
uSNChanged: 16817
showInAdvancedViewOnly: TRUE
name: RID Set
objectGUID: e5ca2386-9732-4966-9184-a7d87123f8ed
rIDAllocationPool: 4600-5099
rIDPreviousAllocationPool: 0-0
rIDUsedPool: 0
rIDNextRID: 0
objectCategory: CN=RID-Set,CN=Schema,CN=Configuration,DC=int,DC=exampledomain,DC=net
distinguishedName: CN=RID Set,CN=MRUCS,OU=Domain Controllers,DC=int,DC=exampledomain,DC=net

# Referral
ref: ldap://int.exampledomain.net/CN=Configuration,DC=int,DC=exampledomain,DC=net

# Referral
ref: ldap://int.exampledomain.net/DC=DomainDnsZones,DC=int,DC=exampledomain,DC=net

# Referral
ref: ldap://int.exampledomain.net/DC=ForestDnsZones,DC=int,DC=exampledomain,DC=net

# returned 5 records
# 2 entries
# 3 referrals

There is no RID Set allocated to pnucs for some reason. My question is how do I safely generate a RID Pool for this slave DC?

Thanks!

Have you checked this SDB-article?

Hey Knebb, thanks for the response!

I have a question with the link. If there’s no RID Objects in the LDB under the computer object to begin with for the server, how would I generate those values initially? The article seems to hint there should already be those objects there.

Ended up removing the Slave DC and reisntalling/joining which was successful.

Mastodon