UCS bugs with Active directory connection

I tried to install UCS many times, but results the same…

  1. Can’t add to domain in installation… always looking for first installed USC server (was deleted) and then … re-configuring or finish. After finish can’t connect to UCS with local or domain credentials…The way to make USC server domain member is install server and choose new UCS domain same like in your organisation, and the use Active directory connection.

  2. When USC added to ad, there is no all users. My account is simple user in domain, I can see that in Microsoft AD, but not in UCS lists.

  3. I’m trying to use cloud service with ad. The problems everywhere: ownCloud, NextCloud problems to join AD. In UCS in domain scripts the state - pending - no change. OX drive looks like working, but can’t connect from application… SSL/TLS problems, good idea to write that need to import root sertificate from ucs server to local workstation, it solve the problem…

  4. When server shutting down always stuck on Reloading bind9 Domain Name server (DNS)

People, who knows how to win in this battle?

Good Morning Jsmulko
When more than one UCS system enters a Windows AD domain, they try to communicate with one another. Therefore the UCS systems searches for the DNS SRV domaincontroller_master record and tries to connect with it.

Deleting an UCS does not remove this record, it has to be done manually. This entry _domaincontroller_master has to be deleted. After which the system should be reinstalled.

  • In the screenshot below, the name of the Windows Host is WINAD, and the domain name is adwin.intranet.
  • Right click the highlighted entry and select delete.
    Screenshot from 2017-09-19 14-14-52

Regards
Anna Takang

Thanks for the explanation, but a lot of other questions still persists…

One of the most painful – users, UCS don’t see all users from AD!

What to do with that?

Hi jsmulko,

this problem occurs if UCS did not join the AD domain successfully. To solve this problem:

  • Go to the the installed application and look for Active Directory Connection and configure it.
  • Subsequently, the set-up wizard can be installed with the app Active Directory Connection from the Univention App Center. Alternativelyhe software package univention-ad-connector can be installed from the command line and configured through the UMC
    univention-install univention-ad-connector
    

The link below will be of help:
http://docs.software-univention.de/manual-4.2.html#ad-connector:general

Regards
Anna Takang

Hello again!

Join to AD domain was successful, and I made it trough installation wizard. After that i see a lot of users and groups but not all of them even i don’t see my self. But i in AD me simple user.
Not long ago i did one tricky thing… I have 2 test installation of UCS servers. I deleted my self from AD and create from new. And in one UCS server i finally found my account. But yesterday i made new installation of UCS server and in installation wizard added this server to AD domain successfully. But i don’t see my self in users. In one time in AD in 2 joined servers i have different users count:
ucs_1
ucs_2

How can it be?

Hi,

Maybe its the same problem as shown in this thread (only in german) :slight_smile:

rg
Christian

Maybe, but i don’t see decision in post…

How to make working connection to AD?

Hi Jsmulko,

I think there might be some problem with synchronization. You can take a look at the following log fifes:

# less /var/log/univention/connector.log
# less /var/log/univention/connector-status.log
# less /var/log/univention/listener.log

and the output of this file:

# univention-connector-list-rejected

Also look for the missing users

# univention-adsearch cn=username
# univention-ldapsearch uid=username

where username is a user who has not been synchronised (missisng user) yet.
Regards
Anna

Thanks for answer and help!

I found the problem in users… In telephone number field was a comma between telephone numbers. After delete user appear in UCS server list.

Next step Cloud service… ownCloud, Nextcloud… can’t join domain…
Status pending…

Waiting for activation of the extension object nextcloud: OK
Object exists: cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
E: Object exists: cn=nextcloudUserEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
No modification: cn=nextcloudUserEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
E: Object exists: cn=nextcloudUserQuota,cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
No modification: cn=nextcloudUserQuota,cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
E: Object exists: cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
No modification: cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
curl: (3) malformed
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0 0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0 100 173 100 173 0 0 365 0 --:–:-- --:–:-- --:–:-- 364
curl: (3) malformed
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0 100 1708 100 138 100 1570 616 7008 --:–:-- --:–:-- --:–:-- 7040
curl: (3) malformed
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0 100 157 100 157 0 0 922 0 --:–:-- --:–:-- --:–:-- 923
Could not Administrator to admin group, because user was not found:

<?xml version="1.0"?> ok 200 OK

EXITCODE=0

Thu Sep 21 00:07:14 EEST 2017
univention-run-join-scripts finished

Good afternoon jsmulko,

from the log displayed:

I think the join failed because of this statement

When a system joins an AD domain, it then uses the names of the Administrators from the AD domain e.g in a French AD, it will be Administrateur.

ucr get users/default/administrator

This can be run if you are not the Administrator.

In which language do you have the AD domain running?

My regards

Anna Takang

Hello Anna!

Only English… :slight_smile:

Without domain it works, when added to AD … pending :frowning:

Regards
Jurijs

Is the attempted URL logged in the joinlog?

What do you mean?

Where I can check it?

/var/log/univention/join.log

Here is info from log fail:
Waiting for activation of the extension object nextcloud: OK
Object exists: cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
E: Object exists: cn=nextcloudUserEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
No modification: cn=nextcloudUserEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
E: Object exists: cn=nextcloudUserQuota,cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
No modification: cn=nextcloudUserQuota,cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
E: Object exists: cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
No modification: cn=nextcloudGroupEnabled,cn=nextcloud,cn=custom attributes,cn=univention,dc=DRS,dc=LV
curl: (3) malformed
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
^M 0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0^M100 173 100 173 0 0 462 0 --:–:-- --:–:-- --:–:--$
curl: (3) malformed
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
^M 0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0^M100 1708 100 138 100 1570 668 7606 --:–:-- --:–:-- --:–:--$
curl: (3) malformed
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
^M 0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0^M100 157 100 157 0 0 866 0 --:–:-- --:–:-- --:–:--$
Could not Administrator to admin group, because user was not found:

<?xml version="1.0"?> ok 200 OK

EXITCODE=0

Thu Sep 28 19:17:23 EEST 2017
univention-run-join-scripts finished

Hi!

On (writeable) domain controller, set the Administrator display name to Administrator (the original state is empty), then execute the join script again on UCS from the Domain Join page.

Greetings!

Trooper

No Luck…
Join script not working properly with nextcloud and AD…

This should be fixed with the 12.0.6-0 release, should become available these days

Hello to Everyone!

Anyway there is one more problem between AD and UCS…

I can’t see Contacts from AD in UCS no one!

How can check and solve this problem?

Regards
Jurijs

Mastodon