UCS Beitritt zu AD Domäne schlägt fehl

Tueti · January 24, 2017, 10:43pm

Guten Abend Forum,

möchte kurz um etwas Unterstützung bei der Interpretation von log-Files bitten.

Ich habe ein UCS-Server mit installierter OX App Suite. Die installation ist bis dahin ohne Probleme durchgelaufen.
Der UCS-Server mit OX sollte nun einem AD beitreten, dazu habe habe ich die App “Active Directory-Verbindung” verwendet.
Der Beitritt schlägt leider bei ca 60% fehl, mit dem Hinweis: Eine Verbindung zum AD-Server IKARUS.sht-mo.local konnte nicht hergestellt werden. Bitte überprüfen Sie Benutzername und Password.
Benutzername und Passwort stimmen aber.

Was mir in diesem Zusammenhang auch aufgefallen ist. Jedesmal, wenn ich versuche den UCS-Server der AD beitreten zu lassen, wird danach das Join-Script “26univention-samba” als ausstehend markiert.
JoinScript wieder ausführen > erfolgreich; Versuch der AD-Domäne beitreten > JoinScript wieder ausstehend.

Leider ist für mein ungeschultes Auge nicht offensichtlich warum der AD-Beitritt abbricht.

Kann es was mit “unable to write ‘random state’ e is 65537 (0x10001)” bei der Zertifikatserstellung für den AD-Server zu tun haben?
Oder “No settings/cn superordinate was given.”?

GNU nano 2.2.6                Datei: ad-connector-certificate.log

Creating certificate: IKARUS.sht-mo.local
no certificate for IKARUS.sht-mo.local registered
Generating RSA private key, 2048 bit long modulus
..........................................................................................................$
..............................................+++
unable to write 'random state'
e is 65537 (0x10001)
Using configuration from /etc/univention/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CH'
stateOrProvinceName   :PRINTABLE:'CH'
localityName          :PRINTABLE:'CH'
organizationName      :PRINTABLE:'SHT Ing'
organizationalUnitName:PRINTABLE:'Univention Corporate Server'
commonName            :PRINTABLE:'IKARUS.sht-mo.local'
emailAddress          :IA5STRING:'ssl@sht-mo.local'
Certificate is to be certified until Jan 23 21:55:30 2022 GMT (1825 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'

GNU nano 2.2.6                     Datei: connector.log

24.01.17 22:55:30.984  DEBUG_INIT
24.01.17 22:55:31.024  ADMIN       ( WARN    ) : No settings/cn superordinate was given.
24.01.17 22:55:31.024  ADMIN       ( WARN    ) : No settings/cn superordinate was given.
24.01.17 22:55:31.025  ADMIN       ( WARN    ) : No settings/cn superordinate was given.
24.01.17 22:55:31.025  ADMIN       ( WARN    ) : No settings/cn superordinate was given.
24.01.17 22:55:31.050  LDAP        ( PROCESS ) : Renaming 'cn=Domain Guests,cn=groups,dc=sht-mo,dc=local' $

In welchem log-File sollte ich noch schauen um den Fehler für den abgebrochene Domänen-Beitritt zu finden?
Kann jemand von euch darin einen Fehler finden?

Freue mich über jeden Hinweis, mit besten Grüssen
Patrik

thorp-hansen · January 27, 2017, 9:59am

Ich würde die folgenden Logs noch prüfen: “var/log/syslog”, “var/log/univention/listener.log”, “var/log/univention/join.log”
Für den Connector bitte das Loglevel mal auf 4 hochschrauben und dann die Aktion noch einmal durchführen:

# ucr set connector/debug/level=4

und dann nochmal schauen: “var/log/univention/connector.log”

Tueti · January 28, 2017, 9:20pm

Hallo Univention-Support / Thorp-Hansen

danke für dei Rückmeldung.
Ich habe, wie vorgeschlagen den Loglevel auf 4 gesetzt und den AD Beitritt nochmals versucht.
Der Beitritt ist erneut fehlgeschlagen und das Join-Script “26univention-samba” wurde erneut nach dem fehlgeschlagenen AD-Beitritt auf ausstehend gesetzt.

Mir fällt auf, dass relativ viele Samba-Objekte in der connector.log nicht gefunden werden.
Auch taucht in der connector-status.log die Zeile auf, dass die UCR-Variable nicht gesetzt ist.
Könnte dies der Grund für den fehlgeschlagenen AD-Beitrit sein?

Hier noch die Log-Files.

connector-status.log
Sat Jan 28 20:57:02 2017
connector/ad/ldap/host not set

connector.log
28.01.17 21:00:23.939  DEBUG_INIT
28.01.17 21:00:23.946  LDAP        ( INFO    ) : establishing new connection with retry_max=11
28.01.17 21:00:23.946  LDAP        ( INFO    ) : bind binddn=Administrator@SHT-MO.LOCAL
28.01.17 21:00:23.951  LDAP        ( INFO    ) : establishing new connection with retry_max=11
28.01.17 21:00:23.951  LDAP        ( INFO    ) : bind binddn=cn=admin,dc=sht-mo,dc=local
28.01.17 21:00:23.952  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaDomain)(sambaDomainName=SHT-MO)) base= scope=sub attr=['sambaSID'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.953  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMOption)(univentionUDMOptionModule=groups/group)) base=cn=univention,dc=sht-mo,dc=local scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.953  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMProperty)(univentionUDMPropertyModule=groups/group)(univentionUDMPropertyVersion=2)) base=cn=univention,dc=sht-mo,dc=local scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.957  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMOption)(univentionUDMOptionModule=settings/default)) base=cn=univention,dc=sht-mo,dc=local scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.958  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMProperty)(univentionUDMPropertyModule=settings/default)(univentionUDMPropertyVersion=2)) base=cn=univention,dc=sht-mo,dc=local scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.961  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMOption)(univentionUDMOptionModule=users/user)) base=cn=univention,dc=sht-mo,dc=local scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.962  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMProperty)(univentionUDMPropertyModule=users/user)(univentionUDMPropertyVersion=2)) base=cn=univention,dc=sht-mo,dc=local scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.970  LDAP        ( INFO    ) : establishing new connection with retry_max=11
28.01.17 21:00:23.973  LDAP        ( INFO    ) : bind binddn=cn=admin,dc=sht-mo,dc=local
28.01.17 21:00:23.981  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMOption)(univentionUDMOptionModule=settings/extended_attribute)) base=cn=univention,dc=sht-mo,dc=local scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.982  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMProperty)(univentionUDMPropertyModule=settings/extended_attribute)(univentionUDMPropertyVersion=2)) base=cn=univention,dc=sht-mo,dc=local scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.984  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMProperty)(univentionUDMPropertyVersion=2)(cn=oxAccess)) base=cn=open-xchange,cn=custom attributes,cn=univention,dc=sht-mo,dc=local scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.984  LDAP        ( INFO    ) : uldap.search filter=(&(|(objectClass=univentionDomainController)(objectClass=univentionMemberServer))(univentionService=S4 Connector)) base= scope=sub attr=['aRecord'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.984  ADMIN       ( WARN    ) : No settings/cn superordinate was given.
28.01.17 21:00:23.984  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMProperty)(univentionUDMPropertyVersion=2)(cn=oxDisplayName)) base=cn=open-xchange,cn=custom attributes,cn=univention,dc=sht-mo,dc=local scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.987  ADMIN       ( WARN    ) : No settings/cn superordinate was given.
28.01.17 21:00:23.987  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMProperty)(univentionUDMPropertyVersion=2)(cn=oxLanguage)) base=cn=open-xchange,cn=custom attributes,cn=univention,dc=sht-mo,dc=local scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.987  ADMIN       ( WARN    ) : No settings/cn superordinate was given.
28.01.17 21:00:23.987  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=univentionUDMProperty)(univentionUDMPropertyVersion=2)(cn=oxTimeZone)) base=cn=open-xchange,cn=custom attributes,cn=univention,dc=sht-mo,dc=local scope=sub attr=[] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.988  ADMIN       ( WARN    ) : No settings/cn superordinate was given.
28.01.17 21:00:23.996  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-32-545) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.996  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-32-545
28.01.17 21:00:23.996  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Users)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.997  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-32-544) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.997  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-32-544
28.01.17 21:00:23.997  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Administrators)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.997  LDAP        ( INFO    ) : Well known SID S-1-5-32-547 not found in Samba
28.01.17 21:00:23.998  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-32-546) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.998  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-32-546
28.01.17 21:00:23.998  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Guests)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.999  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-32-569) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:23.999  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-32-569
28.01.17 21:00:23.999  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Cryptographic Operators)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.000  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-32-568) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.000  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-32-568
28.01.17 21:00:24.000  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-21-3493107020-993412228-777382970-553) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.000  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-21-1189113234-4007179249-2818012324-553
28.01.17 21:00:24.001  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=RAS and IAS Servers)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.001  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-21-3493107020-993412228-777382970-571) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.001  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-21-1189113234-4007179249-2818012324-571
28.01.17 21:00:24.001  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Allowed RODC Password Replication Group)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.002  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-32-548) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.002  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-32-548
28.01.17 21:00:24.002  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Account Operators)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.003  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-32-561) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.003  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-32-561
28.01.17 21:00:24.003  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Terminal Server License Servers)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.004  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-21-3493107020-993412228-777382970-572) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.004  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-21-1189113234-4007179249-2818012324-572
28.01.17 21:00:24.004  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Denied RODC Password Replication Group)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.004  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-32-559) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.004  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-32-559
28.01.17 21:00:24.004  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Performance Log Users)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.005  LDAP        ( INFO    ) : Well known SID S-1-5-80-0 not found in Samba
28.01.17 21:00:24.005  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-21-3493107020-993412228-777382970-498) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.006  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-21-1189113234-4007179249-2818012324-498
28.01.17 21:00:24.006  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Enterprise Read-only Domain Controllers)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.006  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-32-556) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.006  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-32-556
28.01.17 21:00:24.006  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Network Configuration Operators)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.007  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-32-574) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.007  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-32-574
28.01.17 21:00:24.007  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Certificate Service DCOM Access)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.008  LDAP        ( INFO    ) : Well known SID S-1-5-1 not found in Samba
28.01.17 21:00:24.008  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-32-562) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.008  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-32-562
28.01.17 21:00:24.008  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Distributed COM Users)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.009  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-21-3493107020-993412228-777382970-519) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.009  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-21-1189113234-4007179249-2818012324-519
28.01.17 21:00:24.009  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Enterprise Admins)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.010  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-21-3493107020-993412228-777382970-518) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.010  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-21-1189113234-4007179249-2818012324-518
28.01.17 21:00:24.010  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Schema Admins)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.010  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-21-3493107020-993412228-777382970-517) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.010  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-21-1189113234-4007179249-2818012324-517
28.01.17 21:00:24.010  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Cert Publishers)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.011  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-21-3493107020-993412228-777382970-516) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.011  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-21-1189113234-4007179249-2818012324-516
28.01.17 21:00:24.011  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Domain Controllers)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.011  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-21-3493107020-993412228-777382970-515) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.012  LDAP        ( INFO    ) : Did not find an object with sambaSID=S-1-5-21-1189113234-4007179249-2818012324-515
28.01.17 21:00:24.012  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Domain Computers)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.012  LDAP        ( INFO    ) : uldap.search filter=(sambaSID=S-1-5-21-3493107020-993412228-777382970-514) base= scope=sub attr=['sambaSID', 'uid', 'cn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.012  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=sambaGroupMapping)(cn=Domain Guests)) base=dc=sht-mo,dc=local scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.013  LDAP        ( INFO    ) : uldap.search filter=(&(objectClass=posixGroup)(uniqueMember=cn=Domain Guests,cn=groups,dc=sht-mo,dc=local)) base= scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0
28.01.17 21:00:24.013  LDAP        ( PROCESS ) : Renaming 'cn=Domain Guests,cn=groups,dc=sht-mo,dc=local' to 'Domänen-Gäste' in UCS LDAP.

syslog
Jan 28 20:59:42 ucs-1 ntpd[4660]: ntpd exiting on signal 15
Jan 28 20:59:44 ucs-1 ntpd[5957]: ntpd 4.2.6p5@1.2349-o Thu Nov 10 19:52:24 UTC 2016 (1)
Jan 28 20:59:44 ucs-1 ntpd[5958]: proto: precision = 0.122 usec
Jan 28 20:59:44 ucs-1 ntpd[5958]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Jan 28 20:59:44 ucs-1 ntpd[5958]: Listen and drop on 1 v6wildcard :: UDP 123
Jan 28 20:59:44 ucs-1 ntpd[5958]: Listen normally on 2 lo 127.0.0.1 UDP 123
Jan 28 20:59:44 ucs-1 ntpd[5958]: Listen normally on 3 eth0 192.168.20.4 UDP 123
Jan 28 20:59:44 ucs-1 ntpd[5958]: Listen normally on 4 docker0 172.17.42.1 UDP 123
Jan 28 20:59:44 ucs-1 ntpd[5958]: Listen normally on 5 lo ::1 UDP 123
Jan 28 20:59:44 ucs-1 ntpd[5958]: Listen normally on 6 docker0 fe80::4480:b7ff:fe05:1a6c UDP 123
Jan 28 20:59:44 ucs-1 ntpd[5958]: Listen normally on 7 eth0 fe80::ec4:7aff:fe4c:b89e UDP 123
Jan 28 20:59:44 ucs-1 ntpd[5958]: peers refreshed
Jan 28 20:59:44 ucs-1 ntpd[5958]: Listening on routing socket on fd #24 for interface updates
Jan 28 20:59:44 ucs-1 ntpd[5958]: MS-SNTP signd operations currently block ntpd degrading service to all clients.
Jan 28 20:59:55 ucs-1 logger: /etc/init.d/slapd graceful-restart (pid: 6410, ppid: 5149 univention-dire)
Jan 28 20:59:55 ucs-1 logger: /etc/init.d/slapd graceful-stop (pid: 6418, ppid: 6410 slapd)
Jan 28 20:59:55 ucs-1 logger: /etc/init.d/slapd start (pid: 6431, ppid: 6410 slapd)
Jan 28 20:59:55 ucs-1 slapd[6442]: @(#) $OpenLDAP: slapd  (Nov  6 2015 08:03:15) $#012#011root@ladda:/var/build/temp/tmp.bfW1EHuZcn/pbuilder/openldap-2.4.42+dfsg/debian/build/servers/slapd
Jan 28 21:00:02 ucs-1 /USR/SBIN/CRON[6491]: (root) CMD (  if [ -x /usr/sbin/univention-umount-homedirs ]; then /usr/sbin/univention-umount-homedirs; fi)
Jan 28 21:00:02 ucs-1 /USR/SBIN/CRON[6493]: (root) CMD ([ -x /usr/share/univention-ox/process-listener ] && /usr/share/univention-ox/process-listener)
Jan 28 21:00:02 ucs-1 /USR/SBIN/CRON[6495]: (root) CMD (  [ -x /usr/lib/univention-pam/ldap-group-to-file.py ] && /usr/lib/univention-pam/ldap-group-to-file.py --check_member)
Jan 28 21:00:02 ucs-1 /USR/SBIN/CRON[6496]: (root) CMD (/usr/share/univention-ssl/ssl-sync >>/var/log/univention/ssl-sync.log 2>&1)
Jan 28 21:00:02 ucs-1 /USR/SBIN/CRON[6498]: (root) CMD ([ -x /usr/sbin/univention-system-stats ] && /usr/sbin/univention-system-stats >/dev/null)
Jan 28 21:00:02 ucs-1 /USR/SBIN/CRON[6513]: (root) CMD (if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ] && [ -d "$(grep '^[[:space:]]*[^#]*[[:space:]]*WorkDir' /etc/mrtg.cfg | awk '{ print $NF }')" ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi)
Jan 28 21:00:02 ucs-1 /USR/SBIN/CRON[6524]: (root) CMD (/usr/sbin/univention-mrtg)
Jan 28 21:00:11 ucs-1 nmbd[7020]: [2017/01/28 21:00:11.879125,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Jan 28 21:00:11 ucs-1 nmbd[7020]:   STATUS=daemon 'nmbd' finished starting up and ready to serve connections
Jan 28 21:00:12 ucs-1 smbd[7023]: [2017/01/28 21:00:12.063620,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Jan 28 21:00:12 ucs-1 smbd[7023]:   STATUS=daemon 'smbd' finished starting up and ready to serve connections
Jan 28 21:00:17 ucs-1 winbindd[7060]: [2017/01/28 21:00:17.161006,  0] ../source3/winbindd/winbindd_cache.c:3244(initialize_winbindd_cache)
Jan 28 21:00:17 ucs-1 winbindd[7060]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2
Jan 28 21:00:17 ucs-1 winbindd[7060]: [2017/01/28 21:00:17.169798,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Jan 28 21:00:17 ucs-1 winbindd[7060]:   STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Jan 28 21:00:38 ucs-1 nmbd[7020]: [2017/01/28 21:00:38.629778,  0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
Jan 28 21:00:38 ucs-1 nmbd[7020]:   *****
Jan 28 21:00:38 ucs-1 nmbd[7020]:   
Jan 28 21:00:38 ucs-1 nmbd[7020]:   Samba name server UCS-1 is now a local master browser for workgroup WORKGROUP on subnet 172.17.42.1
Jan 28 21:00:38 ucs-1 nmbd[7020]:   
Jan 28 21:00:38 ucs-1 nmbd[7020]:   *****
Jan 28 21:00:38 ucs-1 nmbd[7020]: [2017/01/28 21:00:38.630082,  0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
Jan 28 21:00:38 ucs-1 nmbd[7020]:   *****
Jan 28 21:00:38 ucs-1 nmbd[7020]:   
Jan 28 21:00:38 ucs-1 nmbd[7020]:   Samba name server UCS-1 is now a local master browser for workgroup WORKGROUP on subnet 192.168.20.4
Jan 28 21:00:38 ucs-1 nmbd[7020]:   
Jan 28 21:00:38 ucs-1 nmbd[7020]:   *****
Jan 28 21:05:01 ucs-1 /USR/SBIN/CRON[7283]: (root) CMD (  /usr/share/univention-directory-policy/univention-directory-policy-cron)
Jan 28 21:05:01 ucs-1 /USR/SBIN/CRON[7289]: (root) CMD ([ -x /usr/share/univention-ox/process-listener ] && /usr/share/univention-ox/process-listener)
Jan 28 21:05:01 ucs-1 /USR/SBIN/CRON[7291]: (root) CMD (if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ] && [ -d "$(grep '^[[:space:]]*[^#]*[[:space:]]*WorkDir' /etc/mrtg.cfg | awk '{ print $NF }')" ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi)
Jan 28 21:05:01 ucs-1 /USR/SBIN/CRON[7299]: (root) CMD (  [ -x /usr/share/univention-updater/univention-updater-check ] && /usr/sbin/jitter 600 /usr/share/univention-updater/univention-updater-check 2> /dev/null > /dev/null)
Jan 28 21:05:14 ucs-1 winbindd[7060]: [2017/01/28 21:05:14.010191,  0] ../source3/winbindd/winbindd.c:279(winbindd_sig_term_handler)
Jan 28 21:05:14 ucs-1 winbindd[7060]:   Got sig[15] terminate (is_parent=1)
Jan 28 21:05:14 ucs-1 winbindd[7065]: [2017/01/28 21:05:14.010188,  0] ../source3/winbindd/winbindd.c:279(winbindd_sig_term_handler)
Jan 28 21:05:14 ucs-1 winbindd[7065]:   Got sig[15] terminate (is_parent=0)
Jan 28 21:05:14 ucs-1 nmbd[7020]: [2017/01/28 21:05:14.429166,  0] ../source3/nmbd/nmbd.c:58(terminate)
Jan 28 21:05:14 ucs-1 nmbd[7020]:   Got SIGTERM: going down...
Jan 28 21:06:00 ucs-1 logger: /etc/init.d/slapd graceful-restart (pid: 8252, ppid: 7076 univention-dire)
Jan 28 21:06:00 ucs-1 logger: /etc/init.d/slapd graceful-stop (pid: 8260, ppid: 8252 slapd)
Jan 28 21:06:15 ucs-1 logger: /etc/init.d/slapd start (pid: 8284, ppid: 8252 slapd)
Jan 28 21:06:15 ucs-1 slapd[8295]: @(#) $OpenLDAP: slapd  (Nov  6 2015 08:03:15) $#012#011root@ladda:/var/build/temp/tmp.bfW1EHuZcn/pbuilder/openldap-2.4.42+dfsg/debian/build/servers/slapd

join.log
univention-run-join-scripts started
Sam Jan 28 21:05:11 CET 2017

RUNNING 26univention-samba.inst
2017-01-28 21:05:11.853429335+01:00 (in joinscript_init)
Create samba/role
Module: ox-config
Multifile: /etc/samba/smb.conf
Create samba/profileserver
Create samba/profilepath
Create samba/homedirserver
Create samba/homedirpath
Create samba/homedirletter
Module: ox-config
Multifile: /etc/samba/smb.conf
Create samba/domain/security
Module: ox-config
Multifile: /etc/samba/smb.conf
Create samba/autostart
Module: ox-config
Multifile: /etc/samba/smb.conf
Not updating samba/autostart
Stopping the Winbind daemon: winbind.
Create samba/user
Create samba/user/pwdfile
Module: ox-config
Multifile: /etc/samba/smb.conf
Setting stored password for "cn=admin,dc=sht-mo,dc=local" in secrets.tdb
setting idmap secret for '*' from /etc/ldap.secret
Secret stored
Stopping Samba daemons: nmbd smbd.
Starting Samba daemons: nmbd smbd.
Object modified: cn=ucs-1,cn=dc,cn=computers,dc=sht-mo,dc=local
Using short domain name -- SHT-MO
Joined 'UCS-1' to domain 'SHT-MO'
Create windows/wins-support
Setting windows/wins-server
Module: ox-config
Multifile: /etc/samba/smb.conf
Stopping Samba daemons: nmbd smbd.
Stopping the Winbind daemon: winbind.
Starting Samba daemons: nmbd smbd.
Starting the Winbind daemon: winbind.
Successfully granted rights.
Successfully granted rights.
Object exists: cn=ucs-1.sht-mo.local,cn=shares,dc=sht-mo,dc=local
No modification: cn=ucs-1.sht-mo.local,cn=shares,dc=sht-mo,dc=local
Object exists: cn=services,cn=univention,dc=sht-mo,dc=local
Object created: cn=Samba 3,cn=services,cn=univention,dc=sht-mo,dc=local
Object modified: cn=ucs-1,cn=dc,cn=computers,dc=sht-mo,dc=local
2017-01-28 21:05:38.900324652+01:00 (in joinscript_save_current_version)
EXITCODE=0

Sam Jan 28 21:05:38 CET 2017
univention-run-join-scripts finished

listener.log
Restarting univention-saml.
Stopping univention-saml.
Stopping memcached: memcached_univention_saml.
Stopping SSL tunnels: /etc/stunnel/univention_saml.conf: stopped
done.
Starting univention-saml.
Starting memcached: memcached_univention_saml.
Starting SSL tunnels: /etc/stunnel/univention_saml.conf: started
done.
done.
28.01.17 20:59:55.622  LISTENER    ( WARN    ) : received signal 15
2865
Initiating graceful reload of ldap server(s).
Sending HUP to ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Checking Schema ID: ...done.
28.01.17 21:00:05.897  DEBUG_INIT
UNIVENTION_DEBUG_BEGIN  : uldap.__open host=ucs-1.sht-mo.local port=7389 base=dc=sht-mo,dc=local
UNIVENTION_DEBUG_END    : uldap.__open host=ucs-1.sht-mo.local port=7389 base=dc=sht-mo,dc=local
28.01.17 21:00:06.068  LISTENER    ( PROCESS ) : updating 'cn=ucs-1,cn=dc,cn=computers,dc=sht-mo,dc=local' command m
28.01.17 21:00:06.186  LISTENER    ( PROCESS ) : updating 'cn=Samba 3,cn=services,cn=univention,dc=sht-mo,dc=local' command d
28.01.17 21:00:17.193  LISTENER    ( WARN    ) : received signal 15
28.01.17 21:00:22.351  DEBUG_INIT
UNIVENTION_DEBUG_BEGIN  : uldap.__open host=ucs-1.sht-mo.local port=7389 base=dc=sht-mo,dc=local
UNIVENTION_DEBUG_END    : uldap.__open host=ucs-1.sht-mo.local port=7389 base=dc=sht-mo,dc=local
28.01.17 21:05:24.281  LISTENER    ( PROCESS ) : updating 'cn=ucs-1,cn=dc,cn=computers,dc=sht-mo,dc=local' command m
28.01.17 21:05:38.685  LISTENER    ( PROCESS ) : updating 'cn=Samba 3,cn=services,cn=univention,dc=sht-mo,dc=local' command a
28.01.17 21:05:38.773  LISTENER    ( PROCESS ) : updating 'cn=ucs-1,cn=dc,cn=computers,dc=sht-mo,dc=local' command m
Restarting univention-saml.
Stopping univention-saml.
Stopping memcached: memcached_univention_saml.
Stopping SSL tunnels: /etc/stunnel/univention_saml.conf: stopped
done.
Starting univention-saml.
Starting memcached: memcached_univention_saml.
Starting SSL tunnels: /etc/stunnel/univention_saml.conf: started
done.
done.
6443
Initiating graceful reload of ldap server(s).
Sending HUP to ldap server(s): slapd ...retry #1....retry #2....done.
Starting ldap server(s): slapd ...done.
Checking Schema ID: ...done.

ahrnke · February 27, 2017, 9:32am

Hallo,

ist das Problem noch offen?
Irgendwie vermisse ich im join.log den Fehlschlag von 26univention-samba.inst.

Viele Grüße,
Dirk Ahrnke

Tueti · February 27, 2017, 4:41pm

Guten Nachmittag zusammen,

ja das Problem hat sich in der Zwischenzeit erledigt.

Den AD-Beitritt habe ich immer bereits direkt bei der Installation von UCS gemacht. Was sich nun als “Fehler” herausgestellt hat.

Eher aus Verzweiflung haben ich dann UCS auf dem Server neu installiert, aber zuerst nur das nackte UCS (ohne zusätzlich Apps wie AD-Join OX, …)
Lizenz aufgespielt und alle Updates installiert.
Und erst jetzt die AD-Join App installiert und der Domäne beigetreten. Und zum Abschluss noch OX installiert.

Und seitdem läuft das System perfekt.

Trotzdem Danke für das Feedback und die Nachfrage.

Viele Grüsse
Patrik Thürlemann