Hello.
We tried to add a backup domaincontroller to our AD. Therefore we install a new machine with UCS Core 4.2-1. The problem now is that the join didn’t work and a login using the web interface is not possible.
The new machine is listed in the dc master as backup domaincontroller.
To investigate the cause I run the join script in a ssh session.
First I removed failed.ldif and removed the new domaincontroller from the master to start again.
univention-join -verbose -dcname <fqdn> -dcaccount Administrator
In the join.log I found following errors at the end of the log.
++ basename /usr/lib/univention-install/03univention-directory-listener.inst
+ delete_unjoinscript 03univention-directory-listener.inst
+ local joinscript
+ joinscript=/usr/lib/univention-install/03univention-directory-listener.inst
+ test -e /usr/lib/univention-install/03univention-directory-listener.inst
+ echo /usr/lib/univention-install/03univention-directory-listener.inst
+ grep -q '.uinst$'
+ return 1
+ '[' domaincontroller_backup = domaincontroller_slave -o domaincontroller_backup = domaincontroller_backup ']'
++ basename /usr/lib/univention-install/03univention-directory-listener.inst
+ '[' 03univention-directory-listener.inst = 03univention-directory-listener.inst ']'
+ '[' -e /var/lib/univention-directory-replication/failed.ldif ']'
+ failed_message 'FAILED: failed.ldif exists.'
+ echo ''
+ echo ''
+ echo '**************************************************************************'
+ echo '* Join failed! *'
+ echo '* Contact your system administrator *'
+ echo '**************************************************************************'
+ echo '* Message: FAILED: failed.ldif exists.'
+ echo '**************************************************************************'
23.08.17 11:51:59.001 LISTENER ( INFO ) : umc-service-providers: Reloading LDAP server.
Restarting slapd (via systemctl): slapd.serviceWarning: Unit file of slapd.service changed on disk, 'systemctl daemon-reload' recommended.
Job for slapd.service failed. See 'systemctl status slapd.service' and 'journalctl -xn' for details.
failed!
23.08.17 11:51:59.212 LISTENER ( INFO ) : postrun handler: nss (prepared=-1)
Traceback (most recent call last):
File "/usr/lib/univention-pam/ldap-group-to-file.py", line 110, in <module>
lo = univention.uldap.getMachineConnection(ldap_master=False)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 91, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 152, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 206, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
univention-ldapsearch and univention-s4search aren’t working on the backup dc. “Invalid credentials”
DC Master
UCS: 4.2-1 errata139
App Center compatibility: 4
Installed: kvm=1.2.8 mailserver=11 openvpn4ucs=1.1.13 samba4=4.6 uvmm=6
DC Backup
UCS: 4.2-1 errata139
App Center compatibility: 4
Installed: samba4=4.6
Upgradable: