Problem: DHCP Server Does Not Start on a ucs@school Replica Server - objectClass=dhcpServer

Problem:

After installing the package univention-dhcp on the ucs@school Replica, the isc-dhcp service could not start successfully. You will get a message similar to the following in /var/log/univention/join.log:

RUNNING 25univention-dhcp.inst
2026-01-06 12:13:43.417072888+01:00 (in joinscript_init)
Object exists: cn=univention,cn=dhcp,dc=univention,dc=de
Object exists: (dhcpserver) DHCP server name already used: DC-School.
25univention-dhcp.inst: Number of existing DHCP (Shared) Sub-Networks: 155
Using BINDDN uid=support,cn=users,dc=univention,dc=de
DHCP subnet 10.1.1.0 already exists
Object exists: cn=services,cn=univention,dc=univention,dc=de
Object exists: cn=DHCP,cn=services,cn=univention,dc=univention,dc=de
No modification: cn=DC-School,cn=dc,cn=server,cn=computers,ou=School,dc=univention,dc=de
WARNING: cannot append DHCP to service, value exists
Job for isc-dhcp-server.service failed because the control process exited with error code.
See "systemctl status isc-dhcp-server.service" and "journalctl -xeu isc-dhcp-server.service" for details.
2026-01-06 12:13:46.806948875+01:00 (in joinscript_save_current_version)

The DHCP server does not start anymore on the ucs@school Server.

In the file /var/log/syslog (older UCS systems) or in the output of journalctl -xeu isc-dhcp-server.service (since UCS 5.2), you will find the following messages:

Jan 20 14:31:17 slave dhcpd[6670]: Error: Cannot find LDAP entry matching (&(objectClass=dhcpServer)(cn=slave))
Jan 20 14:31:17 slave dhcpd[6670]: Configuration file errors encountered -- exiting
Jan 20 14:31:17 slave dhcpd[6670]: 
Jan 20 14:31:17 slave dhcpd[6670]: If you think you have received this message due to a bug rather
Jan 20 14:31:17 slave dhcpd[6670]: than a configuration issue please read the section on submitting
Jan 20 14:31:17 slave dhcpd[6670]: bugs on either our web page at www.isc.org or in the README file
Jan 20 14:31:17 slave dhcpd[6670]: before submitting a bug.  These pages explain the proper
Jan 20 14:31:17 slave dhcpd[6670]: process and the information we find helpful for debugging..
Jan 20 14:31:17 slave dhcpd[6670]: 
Jan 20 14:31:17 slave dhcpd[6670]: exiting.

Solution:

Step 1 - Verify that the machine account password is correct

The output of both commands should contain a directory named “bin” (ignore the error messages about the missing directories).

root@slave:/var/log# univention-ssh /etc/machine.secret "$(hostname)\$@$(ucr get ldap/master)" ls| head -n1
Could not chdir to home directory /dev/null: Not a directory
bash: /dev/null/.bashrc: Ist kein Verzeichnis
bin
root@slave:/var/log# univention-ssh /etc/machine.secret "$(hostname)\$@$(hostname)" ls| head -n1
Could not chdir to home directory /dev/null: Not a directory
bash: /dev/null/.bashrc: Ist kein Verzeichnis
bin

Step 2 - Check if the machine account can access the dhcpServer object

root@lenaedu:~# univention-ldapsearch -D "$(ucr get ldap/hostdn)" -y /etc/machine.secret "(&(objectClass=dhcpServer)(cn=$(hostname)))"
# extended LDIF
#
# LDAPv3
# base <dc=schulen,dc=ucs> (default) with scope subtree
# filter: (&(objectClass=dhcpServer)(cn=lenaedu))
# requesting: ALL
#

# lenaedu, schulelena, dhcp, SchuleLena, schulen.ucs
dn: cn=lenaedu,cn=schulelena,cn=dhcp,ou=SchuleLena,dc=schulen,dc=ucs
cn: lenaedu
objectClass: top
objectClass: univentionObject
objectClass: dhcpServer
univentionObjectType: dhcp/server
dhcpServiceDN: cn=schulelena,cn=dhcp,ou=SchuleLena,dc=schulen,dc=ucs

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1


Step 3 - Verify that the base DN is set correctly

Use the command ucr get dhcpd/ldap/base to display the current setting. On ucs@school replica servers it should be set to a DN that contains the ou= of the school:

root@lenaedu:~# ucr get dhcpd/ldap/base
cn=dhcp,ou=schulelena,dc=schulen,dc=ucs
ucr info dhcpd/ldap/base
dhcpd/ldap/base: cn=dhcp,ou=Heisenberg,dc=miro,dc=intranet
 This variable configures the LDAP container (to be specified as a LDAP DN), which is to be used as the search base for LDAP queries of the DHCP server. This way the DHCP server can be configured to only perform search requests in a given LDAP sub container. If the variable is unset, the container cn=dhcp below the LDAP base is used.
 Categories: service-dhcp
 Default: (not set)
 Type: str

On all other UCS systems it should be empty. If it is empty on a ucs@school system, the DHCP server does not use the correct LDAP base and therefore does not find its configuration.

You can use the following command to set the variable. Just add the correct ou= for your school.

  • ucr set dhcpd/ldap/base='cn=dhcp,ou=School,dc=univention,dc=de'
Create dhcpd/ldap/base
File: /etc/dhcp/dhcpd.conf

Execute the join script for dhcp.

  • univention-run-join-scripts --run-scripts 25univention-dhcp --force
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2025 Univention GmbH, Germany

Enter Primary Directory Node Account : univention.support
Enter Primary Directory Node Password:

Search LDAP binddn:                                        done
Running pre-joinscripts hook(s):                           done
Running 25univention-dhcp.inst                             done
Running post-joinscripts hook(s):                          done

Restart the DHCP service.

  • systemctl restart isc-dhcp-server.service

Finally, the service starts without any issues.

systemctl status isc-dhcp-server.service
● isc-dhcp-server.service - ISC DHCP Server for IPv4
     Loaded: loaded (/etc/init.d/isc-dhcp-server; generated)
    Drop-In: /usr/lib/systemd/system/isc-dhcp-server.service.d
             └─univention-dhcp.conf
     Active: active (running) since Wed 2026-01-07 13:21:33 CET; 5s ago
       Docs: man:systemd-sysv-generator(8)
             man:dhcpd(8)
    Process: 2260630 ExecStartPre=/bin/touch /var/lib/dhcp/dhcpd.leases (code=exited, status=0/SUCCESS)
    Process: 2260631 ExecStartPre=/usr/sbin/dhcpd -t -4 -q -cf /etc/dhcp/dhcpd.conf (code=exited, status=0/SUCCESS)
   Main PID: 2260633 (dhcpd)
      Tasks: 1 (limit: 77099)
     Memory: 5.2M
        CPU: 72ms
     CGroup: /system.slice/isc-dhcp-server.service
             └─2260633 /usr/sbin/dhcpd -f -4 -q -cf /etc/dhcp/dhcpd.conf

Jan 07 13:21:33 osw dhcpd[2260633]:    to which interface vethef8fb43 is attached. **
Jan 07 13:21:33 osw dhcpd[2260633]: 
Jan 07 13:21:33 osw dhcpd[2260633]: 
Jan 07 13:21:33 osw dhcpd[2260633]: No subnet declaration for docker0 (172.17.42.1).
Jan 07 13:21:33 osw dhcpd[2260633]: ** Ignoring requests on docker0.  If this is not what
Jan 07 13:21:33 osw dhcpd[2260633]:    you want, please write a subnet declaration
Jan 07 13:21:33 osw dhcpd[2260633]:    in your dhcpd.conf file for the network segment
Jan 07 13:21:33 osw dhcpd[2260633]:    to which interface docker0 is attached. **
Jan 07 13:21:33 osw dhcpd[2260633]: 
Jan 07 13:21:33 osw dhcpd[2260633]: Server starting service.
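
The relationship checked in Steps 2 and 3, as an added example that is not part of the original article or Univention's code: dhcpd only finds its dhcpServer entry if that entry's DN lies below the search base in effect (dhcpd/ldap/base, or cn=dhcp below the LDAP base when the variable is unset). The function names are hypothetical, the sample values are copied from the output above, and the comparison assumes DNs without escaped commas.

```shell
#!/bin/sh
# Added example (not Univention code): offline check of whether a dhcpServer
# DN lies inside the LDAP search base that dhcpd will use.

# Normalise a DN for comparison: lower-case, no spaces around commas.
norm_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g'
}

# Search base in effect: dhcpd/ldap/base if set, else cn=dhcp,<LDAP base>.
effective_base() {    # $1 = dhcpd/ldap/base value, $2 = LDAP base
    if [ -n "$1" ]; then norm_dn "$1"; else norm_dn "cn=dhcp,$2"; fi
}

# Succeeds if DN $1 equals base $2 or lies below it (case-insensitive).
dn_under_base() {
    _dn=$(norm_dn "$1"); _base=$(norm_dn "$2")
    case "$_dn" in
        "$_base"|*,"$_base") return 0 ;;
        *) return 1 ;;
    esac
}

# Prints "OK: <base>" or "MISMATCH: <base>".
check_dhcp_base() {   # $1 = dhcpServer DN, $2 = dhcpd/ldap/base, $3 = LDAP base
    _eff=$(effective_base "$2" "$3")
    if dn_under_base "$1" "$_eff"; then
        echo "OK: $_eff"
    else
        echo "MISMATCH: $_eff"
    fi
}

# Sample values copied from the Step 2 and Step 3 output on this page.
SERVER_DN='cn=lenaedu,cn=schulelena,cn=dhcp,ou=SchuleLena,dc=schulen,dc=ucs'
LDAP_BASE='dc=schulen,dc=ucs'

check_dhcp_base "$SERVER_DN" '' "$LDAP_BASE"    # variable unset
check_dhcp_base "$SERVER_DN" 'cn=dhcp,ou=schulelena,dc=schulen,dc=ucs' "$LDAP_BASE"
```

On a live replica, the three arguments would come from the dn: line of the Step 2 search, ucr get dhcpd/ldap/base and ucr get ldap/base.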