When joining a member server the joinscript
34univention-management-console-server.inst and depending scripts fail. In the `/var/log/univention/join.log’ you only find the line
--->8--- Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=ppa,dc=local > E: DN is missing EXITCODE=3```
Analysis & Solutions
In the script it is tried to find the primary group of the
Administrator account which is either
'Domain Admins' or a language specific variant like
'Administrateurs Domaine'. This is done via
udm so you can try this on your own
udm groups/group list --filter "cn=Domain Admins"
On a member server the host account is used to authenticate the request
ucr get ldap/hostdn udm groups/group list --binddn "$(ucr get ldap/hostdn)" --filter "cn=Domain Admins"
By default the
/etc/machine.secret is used.
It might happen that the member server’s
machine.secret doen’t match the OpenLDAP password so you might try to set it manually on the master
root@master:~# udm computer/memberserver modify --dn <DN-OF-MEMBER-SERVER> --set password='PASSWORD-FROM-MACHINE'
When there is a
/etc/ldap.secret it is used to authenticate along with the
cn=admin user. On a member server this normally is not the case and the
/etc/ldap.secret is absent. If you find a
/etc/ldap.secret you should remove it
tar -cjf ldap_secret.tar.bz2 /etc/ldap.secret --remove
With both approaches the
udm lookup should now work and you might re-run the join scripts