Problem: DHCP Server Does Not Start on a ucs@school Slave Server

Problem

The DHCP server does not start on a ucs@school slave server.

Environment

In the file /var/log/syslog you will find the following messages:

Jan 20 14:31:17 slave dhcpd[6670]: Error: Cannot find LDAP entry matching (&(objectClass=dhcpServer)(cn=slave))
Jan 20 14:31:17 slave dhcpd[6670]: Configuration file errors encountered -- exiting
Jan 20 14:31:17 slave dhcpd[6670]: 
Jan 20 14:31:17 slave dhcpd[6670]: If you think you have received this message due to a bug rather
Jan 20 14:31:17 slave dhcpd[6670]: than a configuration issue please read the section on submitting
Jan 20 14:31:17 slave dhcpd[6670]: bugs on either our web page at www.isc.org or in the README file
Jan 20 14:31:17 slave dhcpd[6670]: before submitting a bug.  These pages explain the proper
Jan 20 14:31:17 slave dhcpd[6670]: process and the information we find helpful for debugging..
Jan 20 14:31:17 slave dhcpd[6670]: 
Jan 20 14:31:17 slave dhcpd[6670]: exiting.

Solution

Step 1 - Verify machine account password is correct

Both commands should list a directory named “bin” as the first line of their output (ignore the error messages about the missing directories).

root@slave:/var/log# univention-ssh /etc/machine.secret "$(hostname)\$@$(ucr get ldap/master)" ls| head -n1
Could not chdir to home directory /dev/null: Not a directory
bash: /dev/null/.bashrc: Ist kein Verzeichnis
bin
root@slave:/var/log# univention-ssh /etc/machine.secret "$(hostname)\$@$(hostname)" ls| head -n1
Could not chdir to home directory /dev/null: Not a directory
bash: /dev/null/.bashrc: Ist kein Verzeichnis
bin

Step 2 - Check if the machine account can access the dhcpServer object

root@lenaedu:~# univention-ldapsearch -D "$(ucr get ldap/hostdn)" -y /etc/machine.secret "(&(objectClass=dhcpServer)(cn=$(hostname)))"
# extended LDIF
#
# LDAPv3
# base <dc=schulen,dc=ucs> (default) with scope subtree
# filter: (&(objectClass=dhcpServer)(cn=lenaedu))
# requesting: ALL
#

# lenaedu, schulelena, dhcp, SchuleLena, schulen.ucs
dn: cn=lenaedu,cn=schulelena,cn=dhcp,ou=SchuleLena,dc=schulen,dc=ucs
cn: lenaedu
objectClass: top
objectClass: univentionObject
objectClass: dhcpServer
univentionObjectType: dhcp/server
dhcpServiceDN: cn=schulelena,cn=dhcp,ou=SchuleLena,dc=schulen,dc=ucs

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

Step 3 - Verify if the base-DN is set correctly

Use the command ucr get dhcpd/ldap/base to display the current setting. On ucs@school slave servers it should be set to a value containing the ou= of the school:

root@lenaedu:~# ucr get dhcpd/ldap/base
cn=dhcp,ou=schulelena,dc=schulen,dc=ucs

On all other UCS systems it should be empty. If it is empty on a ucs@school system, the DHCP server does not use the correct LDAP base and therefore does not find its configuration.
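
The checks from steps 2 and 3 combined into one offline diagnosis, as an added example that is not part of the original article: it extracts the entry DN from the step 2 output and tests whether it lies below the value of dhcpd/ldap/base, comparing case-insensitively because the DN above has ou=SchuleLena while the base has ou=schulelena. The function names are hypothetical, and the "outside-base" result generalizes the article's empty-base case to a base that points at a different subtree.

```bash
#!/bin/bash
# Added example; function names are hypothetical, not Univention tools.

# Print the DN of the first entry in LDIF read from stdin, joining folded
# lines (continuations start with one space). Base64 "dn::" is not handled.
ldif_first_dn() {
    awk '
        dn == "" && /^dn: / { dn = substr($0, 5); next }
        dn != "" && /^ /    { dn = dn substr($0, 2); next }
        dn != ""            { exit }
        END                 { if (dn != "") print dn }
    '
}

# Lowercase a DN and drop spaces after commas (simplified DN comparison).
norm_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/, */,/g'
}

# Return 0 if DN $1 is at or below base $2.
dn_is_under_base() {
    local dn base
    dn=$(norm_dn "$1"); base=$(norm_dn "$2")
    [ -n "$base" ] || return 1
    case "$dn" in
        "$base" | *",$base") return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = LDIF output of the step 2 search, $2 = value of dhcpd/ldap/base.
diagnose_dhcp_ldap() {
    local dn
    dn=$(printf '%s\n' "$1" | ldif_first_dn)
    if [ -z "$dn" ]; then
        echo "no-entry"       # step 2 fails: dhcpServer object not readable
    elif [ -z "$2" ]; then
        echo "base-empty"     # step 3 fails: base unset on a ucs@school slave
    elif dn_is_under_base "$dn" "$2"; then
        echo "ok"
    else
        echo "outside-base"   # entry exists, but not below the search base
    fi
}

# Sample input: the step 2 output shown above, trimmed to the entry.
SAMPLE_LDIF='# lenaedu, schulelena, dhcp, SchuleLena, schulen.ucs
dn: cn=lenaedu,cn=schulelena,cn=dhcp,ou=SchuleLena,dc=schulen,dc=ucs
cn: lenaedu
objectClass: dhcpServer'
diagnose_dhcp_ldap "$SAMPLE_LDIF" "cn=dhcp,ou=schulelena,dc=schulen,dc=ucs"
```

On a live system, pass the output of the step 2 search as the first argument and "$(ucr get dhcpd/ldap/base)" as the second.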
