Problem: Unable to (re-)join: 03univention-directory-listener.inst failed


When running univention-run-join-scripts a script return an error code:
Running 03univention-directory-listener.inst failed (exitcode: 1)


Additional scripts failing with errorcode 1 are:


Other scripts show status “done”.

In /var/log/univention/join.log you will see:

05.10.18 10:56:28.138  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
05.10.18 10:56:28.138  LISTENER    ( WARN    ) : can not connect to LDAP server
05.10.18 10:56:28.138  LISTENER    ( ERROR   ) : can not connect any server, exit


“Invalid credentials” is referring to the machine account credentials. There is a mismatch between the stored credentials and the one noted in the LDAP directory on the master server.

Reset the machine account password by the following steps.

Step 1

Identify the distinguished name for the server to be joined

root@backup:~# ucr get ldap/hostdn

Step 2

Check the the role and the password currently stored on the server to be joined

root@backup:~# ucr get server/role
root@backup:~# cat /etc/machine.secret

Step 3 (on the master)

Set the password in LDAP on the master to match the locally stored one

udm computers/domaincontroller_backup modify --dn="cn=backup,cn=dc,cn=computers,dc=domain,dc=intranet" --set password="<PASSWORD FROM machine.secret>"

Note: Replace the “domaincontroller_backup” in the above command by the value of server/role from Step 2.

Now, the 03univention-directory-listener.inst should not report any wrong credentials.