Problem rejoining slave DC

Hi,

I try to rejoin a slave server without any luck. It fails on 03univention-directory-listener.inst. As far as I understand, the problem is related to the machine password. I have followed the instrutions to alter it in LDAP according to Problem: Unable to (re-)join: 03univention-directory-listener.inst failed

Still I cannot get the server to sucessfully join. Does anybody have any further tips to provide?

many thanks in advance.

best regards
Harald

Have you checked the join.log?

Hi, Christian

Thanks for replying. Yes I have looked at the join.log, but until now I have not been able to interpret it properly.

However, I now try to join with this command:

univention-join -dcaccount -type domaincontroller_slave -verbose

which looks more promising. Unlike before, the problem now is downloading host certificate due to permission problems:

Could not chdir to home directory /dev/null: Not a directory
scp: /etc/univention/ssl/DEBFIL: Permission denied
Could not chdir to home directory /dev/null: Not a directory
scp: /etc/univention/ssl/DEBFIL.ad.obib.no: Permission denied

  • ‘[’ -d /etc/univention/ssl/DEBFIL ‘]’
  • ‘[’ 5 -gt 30 ‘]’
  • echo -n .
  • sleep 20
  • true
  • (( counter++ ))
  • univention-scp /etc/machine.secret -q -r ‘DEBFIL$@dc01.ad.obib.no:/etc/univention/ssl/DEBFIL’ ‘DEBFIL$@dc01.ad.obib.no:/etc/univention/ssl/DEBFIL.ad.obib.no’ /etc/univention/ssl/
    Could not chdir to home directory /dev/null: Not a directory
    scp: /etc/univention/ssl/DEBFIL: Permission denied
    Could not chdir to home directory /dev/null: Not a directory
    scp: /etc/univention/ssl/DEBFIL.ad.obib.no: Permission denied
  • ‘[’ -d /etc/univention/ssl/DEBFIL ‘]’
  • ‘[’ 6 -gt 30 ‘]’
  • echo -n .
  • sleep 20
    ^C

This surely should be easily solveable?

Best regards
Harald

OK, I changed the group to “DC Slave Hosts”, and now I am able to download the certs at least, but still no luck with the listener-install.

ln -snf /etc/runit/univention-directory-listener /etc/runit/univention/univention-directory-listener

  • service univention-directory-listener stop
  • ‘[’ -e /var/lib/univention-directory-listener ‘]’
  • rm -Rf ‘/var/lib/univention-directory-listener/*’
  • ‘[’ -e /var/lib/univention-directory-replication ‘]’
  • rm -Rf ‘/var/lib/univention-directory-replication/*’
  • ‘[’ -e /var/lib/univention-ldap/listener/listener ‘]’
  • chown listener /var/lib/univention-ldap/listener/listener /var/lib/univention-ldap/listener/listener.lock
  • write_translog=1
  • case “$server_role” in
  • dn=cn=DEBFIL,cn=dc,cn=computers,dc=ad,dc=obib,dc=no
  • secret=/etc/machine.secret
  • ‘[’ -n ‘’ ‘]’
  • notifierid_master=
  • mode=-i
  • /usr/sbin/univention-directory-listener -i -d 4 -h dc01.ad.obib.no -b dc=ad,dc=obib,dc=no -m /usr/lib/univention-directory-listener/system -c /var/lib/univention-directory-listener -o -ZZ -x -D cn=DEBFIL,cn=dc,cn=computers,dc=ad,dc=obib,dc=no -y /etc/machine.secret
    01.11.19 14:46:42.169 DEBUG_INIT
    01.11.19 14:46:42.174 LISTENER ( INFO ) : purging cache
    01.11.19 14:46:42.174 LDAP ( PROCESS ) : connecting to ldap://dc01.ad.obib.no:7389
    01.11.19 14:46:42.182 LDAP ( INFO ) : simple_bind as cn=DEBFIL,cn=dc,cn=computers,dc=ad,dc=obib,dc=no
    01.11.19 14:46:42.189 LISTENER ( INFO ) : connecting to notifier dc01.ad.obib.no:6669
    01.11.19 14:46:42.190 LISTENER ( INFO ) : connection to 10.172.2.15 failed with errorcode 111: Connection refused
    01.11.19 14:46:42.190 LISTENER ( ERROR ) : failed to connect to any notifier
    01.11.19 14:46:42.190 LISTENER ( ERROR ) : can not connect any server, exit
  • exit_status=1
  • ‘[’ -f ‘’ ‘]’
  • command -v slapd
  • service slapd restart
    Warning: slapd.service changed on disk. Run ‘systemctl daemon-reload’ to reload units.
  • ‘[’ 1 = 0 ‘]’
  • die ‘Failed to start Listener’
  • echo ‘03univention-directory-listener.inst: Failed to start Listener’
    03univention-directory-listener.inst: Failed to start Listener
  • exit 1
  • ‘[’ 1 -ne 0 ‘]’
  • echo -e ‘\033[60Gfailed’
    ++ basename /usr/lib/univention-install/03univention-directory-listener.inst
  • failed_message ‘FAILED: 03univention-directory-listener.inst’
  • echo ‘’
  • echo ‘’
  • tee -a /var/log/univention/join.log
  • echo ‘**************************************************************************’
  • echo ‘* Join failed! *’
  • echo ‘* Contact your system administrator *’
  • echo ‘**************************************************************************’
  • echo ‘* Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them – FAILED: 03univention-directory-listener.inst’
  • echo ‘**************************************************************************’

  • Join failed! *
  • Contact your system administrator *


++ ucr get hostname

  • /usr/sbin/univention-admin-diary-entry-create --event JOIN_FINISHED_FAILURE --arg hostname=DEBFIL --context-id 9b36e870-4ad1-48bc-a258-64e77fa09556
  • exit 1
  • trapOnExit
  • rm -rf /tmp/tmp.rrbxQ9Pb6m
  • joinscript_remove_credentialfiles
  • test -e /var/run/univention-join/bindpwd
  • rm /var/run/univention-join/bindpwd
  • test -e /var/run/univention-join/binddn
  • rm /var/run/univention-join/binddn
  • ‘[’ -n true -a true = true ‘]’
  • ‘[’ -n 2 ‘]’
  • ucr set listener/debug/level=2
    Setting listener/debug/level
    ++ LC_ALL=C
    ++ date
  • echo ‘Fri Nov 1 14:46:42 CET 2019: finish /usr/sbin/univention-join’

Hi,

I am still not ready to let my slave DC go, as I am having trouble getting the shares on it up on other servers at the moment. I would appreciate any tips on ways to attempt joining the computer to the domain. Could it for instance be possible to join it as a backup controller instead of slave?

best regards
Harald

Mastodon