Problem: Unable to (re-)join: 03univention-directory-listener.inst failed


Problem

When running univention-run-join-scripts, a script returns an error code:
Running 03univention-directory-listener.inst failed (exitcode: 1)

Environment

Additional scripts failing with error code 1 are:

20univention-directory-policy.inst
30univention-appcenter.inst

Other scripts show status “done”.

In /var/log/univention/join.log you will see:

05.10.18 10:56:28.138  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
05.10.18 10:56:28.138  LISTENER    ( WARN    ) : can not connect to LDAP server master.domain.com:7389
05.10.18 10:56:28.138  LISTENER    ( ERROR   ) : can not connect any server, exit

Solution

“Invalid credentials” refers to the machine account credentials. There is a mismatch between the credentials stored locally on the server and those recorded in the LDAP directory on the master server.

Reset the machine account password by the following steps.

Step 1

Identify the distinguished name for the server to be joined

root@backup:~# ucr get ldap/hostdn
cn=backup,cn=dc,cn=computers,dc=domain,dc=intranet

Step 2

Check the role and the password currently stored on the server to be joined

root@backup:~# ucr get server/role
domaincontroller_backup
root@backup:~# cat /etc/machine.secret
KUXmzDFwBMW4V1oAudiC7root@backup:~#

Step 3

Set the password in LDAP on the master to match the locally stored one

udm computers/domaincontroller_backup modify --dn="cn=backup,cn=dc,cn=computers,dc=domain,dc=intranet" --set password="<PASSWORD FROM machine.secret>"

Note: Replace “domaincontroller_backup” in the above command with the value of server/role from Step 2.

Now, 03univention-directory-listener.inst should no longer report invalid credentials.
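
To confirm the diagnosis before Step 3 and the fix afterwards, the machine account bind can be tested directly from the server to be joined. The following is an added example, not part of the original article: the function names are hypothetical, and it assumes the OpenLDAP client tool ldapwhoami is installed, that StartTLS to the master works, and that the UCR variables ldap/master and ldap/master/port are set.

```shell
# Added example (not from the original article). Run as root on the server
# to be joined. Function names are hypothetical.

# Translate the exit status of an OpenLDAP client tool into a diagnosis.
classify_bind() {
    case "$1" in
        0)  echo "ok" ;;
        49) echo "invalid-credentials" ;;  # LDAP result code 49, as in join.log
        *)  echo "other-error-$1" ;;       # e.g. TLS or connection failure
    esac
}

# Bind as the machine account using the locally stored secret.
check_machine_bind() {
    secret="${1:-/etc/machine.secret}"
    [ -r "$secret" ] || { echo "secret-unreadable"; return 2; }
    # Added hardening check: group and others must have no access to the file.
    perms="$(ls -ld "$secret" | cut -c5-10)"
    [ "$perms" = "------" ] || { echo "secret-exposed"; return 3; }

    hostdn="$(ucr get ldap/hostdn)"
    master="$(ucr get ldap/master)"
    port="$(ucr get ldap/master/port)"
    rc=0
    # -y reads the password from the file, keeping it out of argv and shell
    # history; -ZZ requires StartTLS so it is not sent in clear text.
    ldapwhoami -x -ZZ -H "ldap://${master}:${port}" -D "$hostdn" -y "$secret" \
        >/dev/null 2>&1 || rc=$?
    classify_bind "$rc"
}

# Usage: check_machine_bind
```

A result of invalid-credentials matches the join.log error above; after Step 3 the same call should print ok.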

