If needed, I'm happy to write the following in German as well. Thanks for your help.
In June 2017 I used UCS to take over another Samba 4 domain because the sernet-samba packages were discontinued for free use.
Since then I have some problems regarding s4 rejects (amongst other things).
My univention:
root@nathkucs1:~# univention-app info
UCS: 4.3-0 errata3
Installed: adconnector=12.0 adtakeover=5.0 cups=2.2.1 nagios=4.3 samba4=4.7
Upgradable:
“Check the local AD database for errors”
root@nathkucs1:~# samba-tool dbcheck
Checking 592 objects
ERROR(<type 'exceptions.IndexError'>): uncaught exception - string index out of range
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/dbcheck.py", line 160, in run
controls=controls, attrs=attrs)
File "/usr/lib/python2.7/dist-packages/samba/dbchecker.py", line 219, in check_database
error_count += self.check_object(object.dn, attrs=attrs)
File "/usr/lib/python2.7/dist-packages/samba/dbchecker.py", line 2240, in check_object
elif obj[attrname][0][1] == '\x00' and obj[attrname][0][2] == '\x00' and obj[attrname][0][3] == '\x00' and obj[attrname][0][4] != '\x00' and obj[attrname][0][5] == '\x00':
“S4 Connector objects that are not synchronized”
root@nathkucs1:~# univention-s4connector-list-rejected
UCS rejected
1: UCS DN: <NORESYNC=broken file:1522559877.253004>;unknown
S4 DN: <not found>
Filename: /var/lib/univention-connector/s4/1522559877.253004
2: UCS DN: uid=user.name,cn=users,dc=domain,dc=lan
S4 DN: cn=user.name,cn=users,DC=domain,DC=lan
Filename: /var/lib/univention-connector/s4/1506328994.810048
3: UCS DN: uid=ucs-sso,cn=users,dc=domain,dc=lan
S4 DN: cn=ucs-sso,cn=users,DC=domain,DC=lan
Filename: /var/lib/univention-connector/s4/1521070128.723376
[...] and many more users [...]
S4 rejected
[...] and many more users [...]
78: S4 DN: CN=praktikan,CN=Users,DC=domain,DC=lan
UCS DN: <not found>
79: S4 DN: CN=user1,CN=Users,DC=domain,DC=lan
UCS DN: uid=user1,cn=users,dc=domain,dc=lan
80: S4 DN: CN=ucs-sso,CN=Users,DC=domain,DC=lan
UCS DN: uid=ucs-sso,cn=users,dc=domain,dc=lan
81: S4 DN: CN=ldapper-m-nathkucs1,CN=Users,DC=domain,DC=lan
UCS DN: uid=ldapper-m-nathkucs1,cn=users,dc=domain,dc=lan
82: S4 DN: CN=searchuser,CN=Users,DC=domain,DC=lan
UCS DN: uid=searchuser,cn=users,dc=domain,dc=lan
83: S4 DN: CN=another.user,CN=Users,DC=domain,DC=lan
UCS DN: uid=another.user,cn=users,dc=domain,dc=lan
84: S4 DN: CN=user2,CN=Users,DC=domain,DC=lan
UCS DN: <not found>
[...] and even more [...]
When searching for problems in the /var/log/univention/connector-s4.log with “grep ucs-sso” for example, I get this:
13.06.2017 19:33:55,219 LDAP (PROCESS): sync from ucs: [ dns] [ add] DC=ucs-sso,DC=domain.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=lan
13.06.2017 19:35:33,473 LDAP (PROCESS): sync to ucs: [ dns] [ modify] relativedomainname=ucs-sso,zonename=domain.lan,cn=dns,dc=domain,dc=lan
These lines are being logged every few minutes:
01.04.2018 17:33:47,299 LDAP (PROCESS): sync from ucs: [ user] [ modify] cn=ucs-sso,cn=users,DC=domain,DC=lan
01.04.2018 17:33:56,707 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=ucs-sso,CN=Users,DC=domain,DC=lan
01.04.2018 17:33:56,717 LDAP (PROCESS): sync to ucs: [ user] [ modify] uid=ucs-sso,cn=users,dc=domain,dc=lan
01.04.2018 17:33:56,769 LDAP (ERROR ): Value may not change: key=sambaRID old=2636 new=124955 (uid=ucs-sso,cn=users,dc=domain,dc=lan)
And using “head” I can see the initial problems from 2017 (for the user clb as an example):
13.06.2017 19:25:21,332 LDAP (PROCESS): sync from ucs: [ user] [ add] CN=clb,CN=Users,DC=domain,DC=lan
13.06.2017 19:25:22,676 LDAP (WARNING): sync failed, saved as rejected
/var/lib/univention-connector/s4/1497374667.685767
13.06.2017 19:25:22,677 LDAP (WARNING): Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 843, in __sync_file_from_ucs
if ((old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, unicode(old_dn, 'utf8'), old, new)) or (not old_dn and not self.sync_from_ucs(key, object, premapped_ucs_dn, old_dn, old, new))):
File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/__init__.py", line 2726, in sync_from_ucs
f(self, property_type, object)
File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/password.py", line 582, in password_sync_ucs_to_s4
unicodePwd_new = binascii.a2b_hex(ucsNThash)
TypeError: Non-hexadecimal digit found
For this error, I found this bug report, Bug 35540, and this thread: Thread about the bug 35540
The only thing I tried so far was: How to deal with s4-connector rejects, but this didn’t help.
My connector-s4.log has a big file size:
root@nathkucs1:/var/log/univention# ls -Shl
insgesamt 23G
-rw-r----- 1 root adm 23G Apr 1 19:27 connector-s4.log
-rw-r----- 1 root adm 26M Jun 13 2017 connector-s4.log.1
-rw-r----- 1 root adm 15M Apr 1 19:00 system-stats.log
-rw-r----- 1 root adm 12M Apr 1 19:27 connector.log
Do you have any ideas for a resolution of this problem? Thank you in advance.
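One way to triage a connector log of this size, as an added example that is not part of the original post and not Univention's own tooling: the Python sketch below streams the log line by line and groups the two failure patterns quoted above, the repeated "Value may not change" conflicts and the "saved as rejected" entries with their reject file and exception. It assumes the log lines have the format shown in the post; the function name `summarize` and the sample input are made up for the illustration.

```python
import re
from collections import Counter

# Constructed sample, modelled on the connector-s4.log lines quoted in the post.
SAMPLE_LOG = """\
01.04.2018 17:33:47,299 LDAP (PROCESS): sync from ucs: [ user] [ modify] cn=ucs-sso,cn=users,DC=domain,DC=lan
01.04.2018 17:33:56,717 LDAP (PROCESS): sync to ucs: [ user] [ modify] uid=ucs-sso,cn=users,dc=domain,dc=lan
01.04.2018 17:33:56,769 LDAP (ERROR ): Value may not change: key=sambaRID old=2636 new=124955 (uid=ucs-sso,cn=users,dc=domain,dc=lan)
01.04.2018 17:38:56,769 LDAP (ERROR ): Value may not change: key=sambaRID old=2636 new=124955 (uid=ucs-sso,cn=users,dc=domain,dc=lan)
13.06.2017 19:25:21,332 LDAP (PROCESS): sync from ucs: [ user] [ add] CN=clb,CN=Users,DC=domain,DC=lan
13.06.2017 19:25:22,676 LDAP (WARNING): sync failed, saved as rejected
/var/lib/univention-connector/s4/1497374667.685767
13.06.2017 19:25:22,677 LDAP (WARNING): Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/password.py", line 582, in password_sync_ucs_to_s4
unicodePwd_new = binascii.a2b_hex(ucsNThash)
TypeError: Non-hexadecimal digit found
"""

STAMPED = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2},\d{3} LDAP \((\w+)\s*\): (.*)$")
SYNC = re.compile(r"^sync (?:from|to) ucs: \[\s*\w+\] \[\s*\w+\] (.+)$")
IMMUTABLE = re.compile(r"^Value may not change: key=(\S+) old=(\S+) new=(\S+) \((.+)\)$")
REJECT_FILE = re.compile(r"(/var/lib/univention-connector/s4/[\d.]+)")
EXCEPTION = re.compile(r"^\s*([A-Za-z_][\w.]*(?:Error|Exception): .*)$")


def summarize(lines):
    """Stream log lines; return (immutable-attribute conflicts, reject records)."""
    conflicts, rejects = Counter(), []
    last_dn, current = None, None
    for raw in lines:
        line = raw.rstrip("\n")
        stamped = STAMPED.match(line)
        msg = stamped.group(2) if stamped else line
        if stamped and (m := SYNC.match(msg)):
            last_dn, current = m.group(1).lower(), None  # a new sync attempt starts
        elif stamped and (m := IMMUTABLE.match(msg)):
            key, old, new, dn = m.groups()
            conflicts[(dn.lower(), key, old, new)] += 1
        elif stamped and msg.startswith("sync failed, saved as rejected"):
            current = {"dn": last_dn, "file": None, "error": None}
            rejects.append(current)
        if current is not None:  # reject path and traceback follow the warning line
            if current["file"] is None and (m := REJECT_FILE.search(msg)):
                current["file"] = m.group(1)
            elif current["error"] is None and (m := EXCEPTION.match(msg)):
                current["error"] = m.group(1)
    return conflicts, rejects
```

Passing an open file object (opened with `errors="replace"`) instead of the sample keeps memory use flat, because the function never holds more than one line and the aggregated counters.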