UCS 3.0.2 DC Backup join error


#1

Hello,

When joining a DC Backup (DC Master S4 and DC Backup S4 3.02 Errata 140), the following error occurs:

univention-join

kadm5_create_principal: ldap_sasl_bind_s: Can’t contact LDAP server
kadmin: adding ldap/dc-02.domain.name: ldap_sasl_bind_s: Can’t contact LDAP server

How can this be solved?
Upgrading the DC Master to 3.1 without a working DC Backup is out of the question for now.

BUG DB:
forge.univention.org/bugzilla3/ … e&id=28379


#2

Hello,

is this, as described in the bug entry, a re-join (system already joined in the past)?

Kind regards,
Tim Petersen


#3

Hello,

no, it is the first join.

Regards
Piotr Baron


#4

join.log

[code]Warning: Permanently added ‘dc-01.DOMAINNAME.de,10.173.32.15’ (RSA) to the list of known hosts.
Stopping ldap server(s): slapd …done.
Stopping Samba 4 daemon: samba.
Check database: …Could not determine BDB version of /var/lib/univention-ldap/ldap.
Skipping /usr/bin/db4.8_recover to avoid damage.
Starting ldap server(s): slapd …done.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
Stopping ldap server(s): slapd …done.
Stopping Samba 4 daemon: samba.
Check database: …Could not determine BDB version of /var/lib/univention-ldap/ldap.
Skipping /usr/bin/db4.8_recover to avoid damage.
Starting ldap server(s): slapd …done.
Stopping ldap server(s): slapd …done.
Stopping Samba 4 daemon: samba.
Check database: …Could not determine BDB version of /var/lib/univention-ldap/ldap.
Skipping /usr/bin/db4.8_recover to avoid damage.
Starting ldap server(s): slapd …done.
kadmin: kadm5_create_principal: ldap_sasl_bind_s: Can’t contact LDAP server
kadmin: adding ldap/dc-02.DOMAINNAME.de: ldap_sasl_bind_s: Can’t contact LDAP server
Join result = [univention-server-join: joins a server to an univention domain
copyright © 2001-2012 Univention GmbH, Germany

ldap_dn=“cn=dc-02,cn=dc,cn=computers,dc=DOMAINNAME,dc=de”
]
Create ldap/hostdn
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.sharedfolderlocal
Multifile: /etc/postfix/ldap.virtualwithcanonical
File: /etc/cron.d/univention-directory-policy
Multifile: /etc/postfix/ldap.sharedfolderremote
File: /etc/runit/univention-directory-listener/run
Multifile: /etc/postfix/ldap.transport
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.virtual
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/pam_ldap.conf
Multifile: /etc/postfix/ldap.virtualdomains
Setting ldap/server/name
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.virtualwithcanonical
File: /etc/pam_ldap.conf
File: /etc/krb5.conf
Multifile: /etc/postfix/ldap.transport
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.virtual
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
Multifile: /etc/postfix/ldap.sharedfolderlocal
Multifile: /etc/postfix/master.cf
Multifile: /etc/postfix/main.cf
Multifile: /etc/postfix/ldap.sharedfolderremote
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/ldap/ldap.conf
Setting ldap/server/ip
Multifile: /etc/postfix/main.cf
Multifile: /etc/postfix/master.cf
Create ldap/server/port
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.virtualwithcanonical
File: /etc/pam_ldap.conf
File: /etc/runit/univention-directory-listener/run
Multifile: /etc/postfix/ldap.transport
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.virtual
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
Multifile: /etc/postfix/ldap.sharedfolderlocal
Multifile: /etc/postfix/master.cf
Multifile: /etc/postfix/main.cf
Multifile: /etc/postfix/ldap.sharedfolderremote
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/ldap/ldap.conf
Setting ldap/server/ip
Multifile: /etc/postfix/main.cf
Multifile: /etc/postfix/master.cf
Create ldap/server/port
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.virtualwithcanonical
File: /etc/pam_ldap.conf
File: /etc/runit/univention-directory-listener/run
Multifile: /etc/postfix/ldap.transport
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.virtual
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
Multifile: /etc/postfix/ldap.sharedfolderlocal
Multifile: /etc/postfix/master.cf
Multifile: /etc/postfix/main.cf
Multifile: /etc/postfix/ldap.sharedfolderremote
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/ldap/ldap.conf
Create ldap/master
Multifile: /var/www/ucs-overview/de.html
Multifile: /etc/ldap/slapd.conf
File: /etc/ntp.conf
Multifile: /var/www/ucs-overview/en.html
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Not updating ldap/master/port
Setting ldap/server/type
Multifile: /etc/postfix/main.cf
File: /etc/init.d/slapd
Multifile: /etc/postfix/master.cf
Multifile: /etc/ldap/slapd.conf
Overwriting -e option
Could not chdir to home directory /dev/null: Not a directory
Could not chdir to home directory /dev/null: Not a directory
Setting ssl/country
Setting ssl/state
Setting ssl/locality
Setting ssl/organization
Setting ssl/organizationalunit
Setting ssl/common
Setting ssl/email
Restarting ldap server(s).
Stopping ldap server(s): slapd …done.
Check database: …Could not determine BDB version of /var/lib/univention-ldap/ldap.
Skipping /usr/bin/db4.8_recover to avoid damage.
Starting ldap server(s): slapd …done.
Not updating ldap/server/name
Not updating ldap/master
Create kerberos/adminserver
File: /etc/krb5.conf
Setting kerberos/realm
File: /etc/samba/base.conf
File: /etc/krb5.conf
Multifile: /etc/samba/smb.conf
File: /etc/heimdal-kdc/kdc.conf
Configure 01univention-ldap-server-init.inst
File: /var/lib/univention-ldap/ldap/DB_CONFIG
/etc/ldap/slapd.conf: line 46: invalid DN 21 (Invalid syntax)
slapadd: bad configuration file!
close failed in file object destructor:
Error in sys.excepthook:

Original exception was:
Not updating windows/domain
Not updating kerberos/realm
Check database: …Could not determine BDB version of /var/lib/univention-ldap/ldap.
Skipping /usr/bin/db4.8_recover to avoid damage.
Starting ldap server(s): slapd …done.
Configure 02univention-directory-notifier.inst
Starting Univention Directory Notifier daemon.
warning: univention-directory-notifier: unable to open supervise/ok: file does not exist
failed.
Configure 03univention-directory-listener.inst
Create ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
09.01.13 08:53:11.705 DEBUG_INIT
09.01.13 08:53:11.712 LISTENER ( ERROR ) : connection okay to host dc-01.DOMAINNAME.de
09.01.13 08:53:12.221 LISTENER ( ERROR ) : replication flatmode enabled by UCR: no
09.01.13 08:53:12.221 LISTENER ( ERROR ) : replication flatmode activated: False
09.01.13 08:53:13.510 LISTENER ( WARN ) : replication: ldap server changed to dc-01.DOMAINNAME.de
UNIVENTION_DEBUG_BEGIN : uldap.__open host=dc-01.DOMAINNAME.de port=7389 base=dc=DOMAINNAME,dc=de
UNIVENTION_DEBUG_END : uldap.__open host=dc-01.DOMAINNAME.de port=7389 base=dc=DOMAINNAME,dc=de
09.01.13 08:53:13.536 LISTENER ( WARN ) : handler: replication (not ready) (ignore)
Restarting ldap server(s).
Stopping ldap server(s): slapd …done.
Check database: …Could not determine BDB version of /var/lib/univention-ldap/ldap.
Skipping /usr/bin/db4.8_recover to avoid damage.
Starting ldap server(s): slapd …done.
09.01.13 08:53:16.797 LISTENER ( WARN ) : handler: s4-connector (not ready) (ignore)
09.01.13 08:53:16.862 LISTENER ( WARN ) : handler: faillog (not ready) (ignore)
09.01.13 08:53:16.870 LISTENER ( WARN ) : Set Schema ID to 20
09.01.13 08:53:16.870 LISTENER ( WARN ) : initializing module replication
slapd: Kein Prozess gefunden
File: /var/lib/univention-ldap/ldap/DB_CONFIG
slapd: Kein Prozess gefunden
File: /var/lib/univention-ldap/ldap/DB_CONFIG
Check database: …Could not determine BDB version of /var/lib/univention-ldap/ldap.
Skipping /usr/bin/db4.8_recover to avoid damage.
Starting ldap server(s): slapd …done.
Restarting ldap server(s).
Stopping ldap server(s): slapd …done.
Check database: …Could not determine BDB version of /var/lib/univention-ldap/ldap.
Skipping /usr/bin/db4.8_recover to avoid damage.
Starting ldap server(s): slapd …done.
09.01.13 08:53:23.387 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:53:33.397 LISTENER ( WARN ) : Can’t contact LDAP server: retrying
09.01.13 08:53:33.397 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:53:43.408 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:53:53.418 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:54:03.429 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:54:13.438 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:54:23.446 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:54:33.456 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:54:43.467 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:54:53.477 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:55:03.488 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:55:13.498 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:55:23.504 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:55:33.514 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:55:43.525 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:55:53.535 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:56:03.546 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:56:13.556 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:56:23.567 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:56:33.577 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:56:43.588 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:56:53.598 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:57:03.608 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:57:13.619 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds
09.01.13 08:57:23.629 LISTENER ( WARN ) : Can not connect LDAP Server (Can’t contact LDAP server), retry in 10 seconds[/code]


#5

Hello,

please run:

slaptest

If successful, then:

/etc/init.d/slapd restart

Output of syslog, as well as /var/log/univention/listener.log


#6

Hello,

before join:

slaptest
config file testing succeeded

after join attempt

slaptest

bdb_db_open: database "dc=DOMAINNAME,dc=de": db_open(/var/lib/univention-ldap/ldap/id2entry.bdb) failed: No such file or directory (2).
backend_startup_one (type=bdb, suffix="dc=DOMAINNAME,dc=de"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)

listener.log is empty

syslog

[code]Jan 9 09:24:24 dc-02 slapd[1277]: @(#) $OpenLDAP: slapd 2.4.23 (Oct 28 2011 23:43:54) $#012#011root@ladda:/var/build/temp/tmp.IlFQfqGqqJ/pbuilder/openldap-2.4.23/debian/build/servers/slapd
Jan 9 09:24:24 dc-02 slapd[1278]: hdb_db_open: database "dc=DOMAINNAME,dc=de": unclean shutdown detected; attempting recovery.
Jan 9 09:24:25 dc-02 slapd[1278]: slapd starting
Jan 9 09:24:25 dc-02 nrpe[1310]: Starting up daemon
Jan 9 09:24:25 dc-02 nrpe[1310]: Cannot write to pidfile '/var/run/nrpe.pid' - check your privileges.
Jan 9 09:24:25 dc-02 nrpe[1310]: Listening for connections on port 5666
Jan 9 09:24:25 dc-02 nrpe[1310]: Allowing connections from: None
Jan 9 09:24:25 dc-02 kernel: [ 7.865887] RPC: Registered udp transport module.
Jan 9 09:24:25 dc-02 kernel: [ 7.865889] RPC: Registered tcp transport module.
Jan 9 09:24:25 dc-02 kernel: [ 7.865890] RPC: Registered tcp NFSv4.1 backchannel transport module.
Jan 9 09:24:25 dc-02 kernel: [ 7.884720] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
Jan 9 09:24:25 dc-02 kernel: [ 7.936241] svc: failed to register lockdv1 RPC service (errno 97).
Jan 9 09:24:25 dc-02 kernel: [ 7.938023] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
Jan 9 09:24:25 dc-02 kernel: [ 7.939133] NFSD: starting 90-second grace period
Jan 9 09:24:25 dc-02 mountd[1353]: Kernel does not have pseudo root support.
Jan 9 09:24:25 dc-02 mountd[1353]: NFS v4 mounts will be disabled unless fsid=0
Jan 9 09:24:25 dc-02 mountd[1353]: is specfied in /etc/exports file.
Jan 9 09:24:26 dc-02 /usr/sbin/cron[1572]: (CRON) INFO (pidfile fd = 3)
Jan 9 09:24:26 dc-02 /usr/sbin/cron[1573]: (CRON) STARTUP (fork ok)
Jan 9 09:24:27 dc-02 /usr/sbin/cron[1573]: (CRON) INFO (Running @reboot jobs)
Jan 9 09:24:28 dc-02 /USR/SBIN/CRON[1650]: (root) CMD (/usr/share/univention-updater/enable-apache2-umc)
Jan 9 09:24:28 dc-02 /USR/SBIN/CRON[1654]: (root) CMD ( [ -x /usr/share/univention-updater/univention-updater-check ] && /usr/sbin/jitter 30 /usr/share/univention-updater/univention-updater-check 2> /dev/null > /dev/null)
Jan 9 09:24:32 dc-02 kernel: [ 14.993567] eth0: no IPv6 routers present
Jan 9 09:25:01 dc-02 /USR/SBIN/CRON[1886]: (root) CMD (if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi)
Jan 9 09:25:01 dc-02 /USR/SBIN/CRON[1892]: (root) CMD (/usr/sbin/jitter 60 /usr/share/univention-samba4/scripts/sysvol-sync.sh >>/var/log/univention/sysvol-sync.log 2>&1)
Jan 9 09:25:02 dc-02 slapd[1278]: daemon: shutdown requested and initiated.
Jan 9 09:25:02 dc-02 slapd[1278]: slapd shutdown: waiting for 0 operations/tasks to finish
Jan 9 09:25:02 dc-02 slapd[1278]: slapd stopped.
Jan 9 09:25:05 dc-02 slapd[1983]: @(#) $OpenLDAP: slapd 2.4.23 (Oct 28 2011 23:43:54) $#012#011root@ladda:/var/build/temp/tmp.IlFQfqGqqJ/pbuilder/openldap-2.4.23/debian/build/servers/slapd
Jan 9 09:25:05 dc-02 slapd[1984]: slapd starting
Jan 9 09:25:16 dc-02 slapd[1984]: daemon: shutdown requested and initiated.
Jan 9 09:25:16 dc-02 slapd[1984]: slapd shutdown: waiting for 0 operations/tasks to finish
Jan 9 09:25:16 dc-02 slapd[1984]: slapd stopped.
Jan 9 09:25:18 dc-02 slapd[2254]: @(#) $OpenLDAP: slapd 2.4.23 (Oct 28 2011 23:43:54) $#012#011root@ladda:/var/build/temp/tmp.IlFQfqGqqJ/pbuilder/openldap-2.4.23/debian/build/servers/slapd
Jan 9 09:25:18 dc-02 slapd[2255]: slapd starting
Jan 9 09:25:21 dc-02 slapd[2255]: daemon: shutdown requested and initiated.
Jan 9 09:25:21 dc-02 slapd[2255]: slapd shutdown: waiting for 0 operations/tasks to finish
Jan 9 09:25:21 dc-02 slapd[2255]: slapd stopped.
Jan 9 09:25:21 dc-02 slapd[2384]: @(#) $OpenLDAP: slapd 2.4.23 (Oct 28 2011 23:43:54) $#012#011root@ladda:/var/build/temp/tmp.IlFQfqGqqJ/pbuilder/openldap-2.4.23/debian/build/servers/slapd
Jan 9 09:25:22 dc-02 univention-directory-listener: connection okay to host dc-01.DOMAINNAME.de
Jan 9 09:25:22 dc-02 univention-directory-listener: replication flatmode enabled by UCR: no
Jan 9 09:25:22 dc-02 univention-directory-listener: replication flatmode activated: False
Jan 9 09:25:24 dc-02 slapd[2463]: @(#) $OpenLDAP: slapd 2.4.23 (Oct 28 2011 23:43:54) $#012#011root@ladda:/var/build/temp/tmp.IlFQfqGqqJ/pbuilder/openldap-2.4.23/debian/build/servers/slapd
Jan 9 09:25:28 dc-02 slapd[2487]: @(#) $OpenLDAP: slapd 2.4.23 (Oct 28 2011 23:43:54) $#012#011root@ladda:/var/build/temp/tmp.IlFQfqGqqJ/pbuilder/openldap-2.4.23/debian/build/servers/slapd
Jan 9 09:25:31 dc-02 slapd[2515]: @(#) $OpenLDAP: slapd 2.4.23 (Oct 28 2011 23:43:54) $#012#011root@ladda:/var/build/temp/tmp.IlFQfqGqqJ/pbuilder/openldap-2.4.23/debian/build/servers/slapd
Jan 9 09:26:01 dc-02 /usr/sbin/cron[1573]: (*system*univention-directory-policy) RELOAD (/etc/cron.d/univention-directory-policy)
Jan 9 09:30:01 dc-02 /USR/SBIN/CRON[2796]: (root) CMD (/usr/sbin/jitter 60 /usr/share/univention-samba4/scripts/sysvol-sync.sh >>/var/log/univention/sysvol-sync.log 2>&1)
Jan 9 09:30:01 dc-02 /USR/SBIN/CRON[2801]: (root) CMD ([ -x /usr/sbin/univention-system-stats ] && /usr/sbin/univention-system-stats >/dev/null)
Jan 9 09:30:02 dc-02 /USR/SBIN/CRON[2820]: (root) CMD (/usr/sbin/univention-mrtg)
Jan 9 09:30:02 dc-02 /USR/SBIN/CRON[2824]: (root) CMD (if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi)
Jan 9 09:30:02 dc-02 /USR/SBIN/CRON[2851]: (root) CMD ( if [ -x /usr/sbin/univention-umount-homedirs ]; then /usr/sbin/univention-umount-homedirs; fi)
Jan 9 09:30:32 dc-02 univention-directory-listener: Can't contact LDAP server: going into LDIF mode[/code]


#7
/etc/ldap/slapd.conf: line 46: <suffix> invalid DN 21 (Invalid syntax)

What exactly is in that line?


#8

before join

45      database        bdb
46      suffix          "dc=univention,dc=unconfigured"
47
48      overlay k5pwd

after join attempt

44    database        bdb
45    suffix          "dc=DOMAINNAME,dc=de"
46
47    overlay k5pwd

#9

The directory “/var/lib/univention-ldap/ldap” is empty, but it exists?


#10

[code]root@dc-02:~# cd /var/lib/univention-ldap/ldap
root@dc-02:/var/lib/univention-ldap/ldap# ls -la
insgesamt 32
drwxr-xr-x 2 root root 4096 9. Jan 11:05 .
drwxr-xr-x 10 root root 4096 9. Jan 10:59 ..
-rw-r--r-- 1 root root 2048 9. Jan 11:01 alock
-rw-r--r-- 1 root nogroup 613 9. Jan 10:59 DB_CONFIG
-rw-r----- 1 root root 1048576 9. Jan 11:05 log.0000000001[/code]


#11

Are you using special characters, spaces, digits or anything like that in the base DN? Is it possibly being parsed incorrectly, or does it match the base DN of the running master?


#12

After the join attempt the base DN is the same as on the master.
No special characters, umlauts, etc.


#13

Fairly near the beginning of the join.log there is:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive)

Which user account do you specify for the join? Could you perhaps also send the console output of a join run?


#14

ssh works

[code]root@dc-02:/# ssh administrator@dc-01
Password:
Last login: Wed Jan 9 13:22:27 2013 from dc-02.DOMAINNAME.de
Administrator@dc-01:~$ exit
Abgemeldet
Connection to dc-01 closed.
root@dc-02:/#[/code]

[code]root@dc-02:/# univention-join
univention-join: joins a computer to an ucs domain
copyright © 2001-2012 Univention GmbH, Germany

Insert DC Master Account : administrator
Insert DC Master Password:

Search DC Master: done
Check DC Master: done
Stop LDAP Server: done
Stop Samba 4 Server: done
Search ldap/base done
Start LDAP Server: done
Search LDAP binddn done
Sync time done
Join Computer Account: done
Stopping univention-directory-listener daemon: … done
Sync ldap.secret: done
Sync ldap-backup.secret: done
Sync SSL directory: done
Check TLS connection done
Download host certificate done
Sync SSL settings: done
Restart LDAP Server: done
Sync Kerberos settings: done
Configure 01univention-ldap-server-init.inst done
Configure 02univention-directory-notifier.inst done
Configure 03univention-directory-listener.inst
[/code]


#15

One could open “/usr/sbin/univention-join” and put a “set -x” in the 2nd line, to be able to check which command produces this error…

Possibly wrong permissions or something else…

Regards


#16

Hello,

After the unsuccessful join we started slapd -d 16384. The output showed SSL errors.
The DC Master was to blame. It had not generated valid certificates for the DC Backup (openssl.cnf error). We installed the software again (univention-install --reinstall univention-ssl) and then renewed the SSL chain.

We also had to remove an LDAP user template from the DC Master in order to start slapd cleanly.

With that the matter is closed.

Many thanks for your support.

Regards
Piotr Baron
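
The join.log posted in this thread repeats one downstream symptom ("Can’t contact LDAP server") dozens of times, and the listener tags even "connection okay" with ERROR, so the level tag is not a usable filter. As an added example (not part of the thread and not Univention code), the following Python script groups failure lines by message text and reports them in first-seen order; the function name `triage`, the pattern list and the abridged `SAMPLE` excerpt are assumptions chosen for illustration.

```python
import re

# Listener lines start with "DD.MM.YY HH:MM:SS.mmm"; strip it so repeats collapse.
_TS = re.compile(r"^\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}\.\d{3}\s+")

# Message fragments that mark a failure in the join.log from this thread
# (an assumed list for this log, not a complete list for UCS).
_FAILURE = re.compile(
    r"permission denied|invalid dn|bad configuration file"
    r"|can't contact ldap server|unable to open|^failed\.?$",
    re.IGNORECASE,
)


def normalise(line):
    """Strip timestamp, squeeze whitespace, undo the forum's curled apostrophes."""
    line = line.strip().replace("\u2019", "'")
    line = _TS.sub("", line)
    return re.sub(r"\s+", " ", line)


def triage(log_text):
    """Return [(first_line_no, count, signature, first_message)] in first-seen order.

    Lines are grouped by the failure fragment they contain, so the many
    listener retries count as one finding and earlier, rarer errors stay visible.
    """
    findings = {}  # dicts keep insertion order (Python 3.7+)
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        msg = normalise(raw)
        match = _FAILURE.search(msg)
        if not match:
            continue
        sig = match.group(0).lower()
        if sig in findings:
            findings[sig][1] += 1
        else:
            findings[sig] = [line_no, 1, sig, msg]
    return [tuple(entry) for entry in findings.values()]


# Abridged excerpt of the join.log from post #4 (lines selected and shortened here).
SAMPLE = """\
Starting ldap server(s): slapd ...done.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
kadmin: kadm5_create_principal: ldap_sasl_bind_s: Can\u2019t contact LDAP server
/etc/ldap/slapd.conf: line 46: invalid DN 21 (Invalid syntax)
slapadd: bad configuration file!
09.01.13 08:53:11.712 LISTENER ( ERROR ) : connection okay to host dc-01.DOMAINNAME.de
09.01.13 08:53:23.387 LISTENER ( WARN ) : Can not connect LDAP Server (Can\u2019t contact LDAP server), retry in 10 seconds
09.01.13 08:53:33.397 LISTENER ( WARN ) : Can\u2019t contact LDAP server: retrying
09.01.13 08:53:33.397 LISTENER ( WARN ) : Can not connect LDAP Server (Can\u2019t contact LDAP server), retry in 10 seconds
"""

if __name__ == "__main__":
    for first_line, count, sig, message in triage(SAMPLE):
        print(f"line {first_line:>3}  x{count:<3} {sig:<28} {message}")
```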