Problem: Univention Join Fails on Replica "Failed to connect to ldap URL"

Problem

When installing new UCS replica/slave systems, the Univention Join process may fail with the following error messages:

Failed to connect to ldap URL 'ldaps://replica.domain.de' - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED
Failed to connect to 'ldaps://replica.domain.de' with backend 'ldaps': LDAP client internal error: NT_STATUS_CONNECTION_REFUSED
Failed to connect to ldaps://replica.domain.de - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED
### Output of: ldbsearch -H ldaps://replica.domain.de -Ureplica$%... -d=2 cn=replica

While ldbsearch works successfully, the command univention-s4search fails.

Analysis

Running univention-s4search with debug mode shows:

root@replica:~# univention-s4search -d=2 cn=replica
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
interpret_interface: Can't find address for ens2f0
interpret_interface: Can't find address for ens2f0
Failed to connect to ldap URL 'ldaps://replica.domain.de' - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED

The interpret_interface messages indicate that Samba tries to bind to the wrong network interface (ens2f0), which is down and has no IP address.

Checking the network configuration:

ip -c a
...
3: ens2f0: <BROADCAST,MULTICAST> state DOWN
...
7: ens2f3: <BROADCAST,MULTICAST,UP,LOWER_UP> state UP
    inet 1.2.3.4/20 brd 1.2.3.255 scope global ens2f3

Here, ens2f0 is down, while ens2f3 is the correct active interface with an assigned IP address.

Solution

The issue can be resolved by setting the correct network interface via UCR:

ucr set samba/interfaces="lo ens2f3"
systemctl restart samba-ad-dc

After this, the Univention Join should complete successfully.
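
A check for the condition diagnosed above, as an added example (not part of the original article or of Univention's tooling): it lists the names on the "interfaces =" line of smb.conf that have no IPv4 address. It assumes the samba/interfaces setting ends up on that line of /etc/samba/smb.conf. The function names are hypothetical and the sample input is constructed from the article's values.

```shell
#!/bin/sh
# Added example: find smb.conf "interfaces" entries that have no IPv4 address.

# Constructed sample input based on the article's values (not real captures).
SAMPLE_SMB_CONF='[global]
    netbios name = replica
    interfaces = lo ens2f0
    bind interfaces only = yes'
SAMPLE_IP_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
7: ens2f3    inet 1.2.3.4/20 brd 1.2.3.255 scope global ens2f3'

# Read smb.conf text on stdin, print one "interfaces =" entry per line.
# (Hypothetical helper; "bind interfaces only" must not match.)
smb_interfaces() {
    sed -n 's/^[[:space:]]*interfaces[[:space:]]*=[[:space:]]*//p' |
        tr -s ' \t' '\n\n'
}

# $1: newline-separated entries, $2: output of "ip -o -4 addr show".
# Prints each interface name that has no IPv4 address. Entries written as
# addresses, subnets or wildcards are skipped, since only names are checked.
interfaces_without_address() {
    addressed=$(printf '%s\n' "$2" | awk '{print $2}')
    printf '%s\n' "$1" | while read -r ifname; do
        case $ifname in
            ''|[0-9]*|*/*|*\**) continue ;;
        esac
        printf '%s\n' "$addressed" | grep -qxF -- "$ifname" ||
            printf '%s\n' "$ifname"
    done
}

# Demo on the constructed sample; on a live host use instead:
#   interfaces_without_address "$(smb_interfaces < /etc/samba/smb.conf)" \
#       "$(ip -o -4 addr show)"
interfaces_without_address \
    "$(printf '%s\n' "$SAMPLE_SMB_CONF" | smb_interfaces)" "$SAMPLE_IP_ADDR"
```

Empty output means every named interface has an address; any name printed is a candidate for removal from samba/interfaces.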
