Problem: Can't properly join a member server


When joining a member server, the join script 34univention-management-console-server.inst and the scripts that depend on it fail. In `/var/log/univention/join.log` you only find these lines:

  Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=ppa,dc=local
> E: DN is missing

Analysis & Solutions

The script tries to find the primary group of the Administrator account, which is either 'Domain Admins' or a language-specific variant like 'Domänen-Admins' or 'Administrateurs Domaine'. This is done via udm, so you can try it yourself:

udm groups/group list --filter "cn=Domain Admins"

On a member server the host account is used to authenticate the request:

ucr get ldap/hostdn

udm groups/group list --binddn "$(ucr get ldap/hostdn)" --filter "cn=Domain Admins"

By default the /etc/machine.secret is used.

1. Issue

The member server's machine.secret might not match the password stored in OpenLDAP, so you might try to set it manually on the master:

root@master:~# udm computers/memberserver modify --dn <DN-OF-MEMBER-SERVER> --set password='PASSWORD-FROM-MACHINE'

2. Issue

When there is a /etc/ldap.secret, it is used to authenticate together with the cn=admin user. On a member server this is normally not the case and /etc/ldap.secret is absent. If you find a /etc/ldap.secret you should remove it:

tar -cjf ldap_secret.tar.bz2 /etc/ldap.secret --remove-files

With both approaches the udm lookup should now work and you can re-run the join scripts.
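
A pre-flight check for both issues above, run as root on the member server before re-running the join scripts. This is an added example, not part of the original article or Univention's tooling. The function name, its return codes, and the use of plain `ldapsearch` with StartTLS against `ldap/server/name` and `ldap/server/port` are assumptions of this example.

```bash
#!/bin/bash
# Added example: checks the two failure causes described on this page.
# Return codes are this example's own convention, not Univention's:
#   0 = host account binds          1 = stray ldap.secret present
#   2 = host credentials missing    3 = bind with machine.secret failed
check_member_auth() {
    # Paths are parameters only so the check can be exercised on test files.
    local ldap_secret="${1:-/etc/ldap.secret}"
    local machine_secret="${2:-/etc/machine.secret}"
    local hostdn base uri

    # Issue 2: a member server normally has no ldap.secret.
    if [ -e "$ldap_secret" ]; then
        echo "FAIL: $ldap_secret exists; it is used with cn=admin instead of the host account" >&2
        return 1
    fi

    hostdn="$(ucr get ldap/hostdn)"
    base="$(ucr get ldap/base)"
    if [ -z "$hostdn" ] || [ ! -s "$machine_secret" ]; then
        echo "FAIL: ldap/hostdn is unset or $machine_secret is missing/empty" >&2
        return 2
    fi

    # Issue 1: test the host DN / machine.secret pair directly against LDAP.
    # -y reads the password from the file, so it never appears in the process list.
    uri="ldap://$(ucr get ldap/server/name):$(ucr get ldap/server/port)"
    if ! ldapsearch -x -ZZ -H "$uri" -D "$hostdn" -y "$machine_secret" \
            -s base -b "$base" dn >/dev/null 2>&1; then
        echo "FAIL: bind as $hostdn did not succeed (server unreachable, TLS failure," >&2
        echo "      or machine.secret does not match the LDAP password)" >&2
        return 3
    fi

    echo "OK: $hostdn can bind with $machine_secret"
    return 0
}

# Run the check only when invoked with --run, e.g. ./check_member_auth.sh --run
if [ "${1:-}" = "--run" ]; then
    check_member_auth
fi
```

A result of 1 points to the second issue and a result of 3 to the first; only a result of 0 means the udm lookup with the host account can be expected to work.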