Hi there,
I have a problem with the ucs ad-connection/synchronisation with Windows Active Directory.
my UCS Server is running on a VM, connected to a Windows AD.
My customer now reported that password changes are not synchronised to UCS and also new created users do not appear in the UCS.
I started investigating all logs and rying to figure out the problem.
after 2 days of searching through all logs and testing every solution found in google, I almost gave up.
Now I found something intresting in the connector-ad-status.log
File "/usr/lib/python3/dist-packages/univention/connector/ad/_init_.py", line 674, in get_kerberos_ticket
raise kerberosAuthenticationFailed('The following command failed: "%s" (%s): %s' % (' '.join(cmd_block), p1.returncode, stdout.decode('UTF-8', 'replace')))
univention.connector.ad.kerberosAuthenticationFailed: The following command failed: "kinit --no-addresses --password-file=/tmp/tmp0gqnrscd SERVERNAME$" (1): kinit: Password incorrect
As I can see, the ad-connector tries to get the password from a tmp File, which obviously doesn’t exist. As far as I know, the password is stored inside the machine.secret file in /etc/ which does exist.
Can someone tell me, how to change that, so the ad-connector takes the password out of the machine.secret file?
Inside the UCS web overlay, the connector/ad/ldap/bindpw registry key is set to /etc/machine.secret.