Two problems with UCS-Master (ADS-Member)

UCS - Univention Corporate Server
,
#1

Hi@all,

I have two problems on a UCS master (4.4-7). I don’t know if they have anything to do with each other.
I can’t say for sure whether the problems came with 4.4.-6 or 4.4-7. Before that, these messages were not present.

The master is connected to a Windows ADS. When I go in the UMC: Domain -> Active Directory Connection the status is: “Active Directory Connection Service is not started.”

When I click on “start” nothing happens.

In the UMC -> System -> Diagnosis I have the error:

SAML certificate verification failed:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/diagnostic/__init__.py", line 280, in execute
    result = execute(umc_module, **kwargs)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/diagnostic/plugins/04_saml_certificate_check.py", line 77, in run
    test_identity_provider_certificate()
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/diagnostic/plugins/04_saml_certificate_check.py", line 90, in test_identity_provider_certificate
    for host in socket.gethostbyname_ex(sso_fqdn)[2]:
gaierror: [Errno -2] The name or service is not known

Does anyone have any ideas for me?

with best
sven

#2

The ADS Connector seems to be running:

root@tux:~# systemctl status univention-ad-connector
● univention-ad-connector.service - LSB: Univention AD Connector
   Loaded: loaded (/etc/init.d/univention-ad-connector; generated; vendor preset: enabled)
   Active: active (running) since Fri 2020-12-11 01:27:02 CET; 7h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1626 ExecStart=/etc/init.d/univention-ad-connector start (code=exited, status=0/SUCCESS)
 Main PID: 1995 (python2.7)
    Tasks: 1 (limit: 4915)
   Memory: 47.7M
      CPU: 7.195s
   CGroup: /system.slice/univention-ad-connector.service
           └─1995 /usr/bin/python2.7 -W ignore -m univention.connector.ad.main

Dez 11 01:27:01 tux systemd[1]: Starting LSB: Univention AD Connector...
Dez 11 01:27:02 tux univention-ad-connector[1626]: Starting Univention AD Connector:.
Dez 11 01:27:02 tux systemd[1]: univention-ad-connector.service: PID file /var/run/univention-ad-connector not readable (yet?) after start: No such file or directory
Dez 11 01:27:02 tux systemd[1]: univention-ad-connector.service: Supervising process 1995 which is not our child. We'll most likely not notice when it exits.
Dez 11 01:27:02 tux systemd[1]: Started LSB: Univention AD Connector.

About “SAML certificate verification failed”
I have found various posts here in the forum and have executed the command:

root@tux:~# univention-run-join-scripts --force --run-scripts 91univention-saml.inst
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2020 Univention GmbH, Germany

Running pre-joinscripts hook(s):                           done
Running 91univention-saml.inst                             done
Running post-joinscripts hook(s):                          done

However, I could not reboot because the system is being worked on.

I have also tested the following:

root@tux:~# univention-run-diagnostic-checks -t 02_certificate_check
Domain Admin Login: Administrator
Password: 

You can find the logging messages of the diagnostic modules at /var/log/univention/management-console-module-diagnostic.log

ran 02_certificate_check successfully.

The message is still present in the UMC -> Diagnosis. Perhaps it will disappear after a server restart?

Mastodon