How do you currently have the parameters set? The SSL checkbox should be correct, and the port too.
Like this: ???
Just tried to join again…
root@ucsnext:~# univention-join
univention-join: joins a computer to an ucs domain
copyright (c) 2001-2017 Univention GmbH, Germany
Enter DC Master Account : Administrator
Enter DC Master Password:
Search DC Master: done
Check DC Master: done
Stop LDAP Server: done
Search ldap/base done
Start LDAP Server: done
Search LDAP binddn done
Sync time: done
Join Computer Account: done
Stopping univention-directory-notifier daemon: done
Stopping univention-directory-listener daemon: done
Sync ldap.secret: done
Sync ldap-backup.secret: done
Sync SSL directory: done
Check TLS connection: done
Download host certificate: done
Sync SSL settings: done
Restart LDAP Server: done
Sync Kerberos settings: done
Not updating kerberos/adminserver
Configure 01univention-ldap-server-init.inst done
Configure 02univention-directory-notifier.inst done
Configure 03univention-directory-listener.inst done
**************************************************************************
* Join failed! *
* Contact your system administrator *
**************************************************************************
* Message: FAILED: failed.ldif exists.
**************************************************************************
root@ucsnext:~#
Oh, I only now understand the question.
uid=Administrator,cn=users,dc=top2,dc=top1
has to go in the Username field,
dc=top2,dc=top1
in the Base field.
Nope, that doesn't work either.
A thought in between:
Would it be possible to shut down the current, messed-up master DC after backing up the user profiles from the Windows clients,
then install a new master DC and restore the Windows client profiles?
The error probably comes from the UCS CA not being trusted. Try it without SSL (untick the checkbox, port 7389!).
You can probably pursue that thought in between. But honestly, I don't understand why you don't just install the package for the uvmm schema. That would be the simplest. You can still clean up the LDAP later!
I have already installed UVMM, see attachment.
Without SSL it worked, thanks!
Now my join (error) logs are "endlessly long", 500 lines and more… maybe because I already deleted something under LDAP in the UCM console.
The package univention-virtual-machine-manager-schema would have been enough. What are the errors?
Which log should it be?
Here is the join.log:
root@XXXXXX:~# cat /var/log/univention/join.log
Tue Mar 7 21:56:49 CET 2017: starting /usr/share/univention-join/univention-join -dcaccount Administrator -dcpwd /tmp/tmp.FYLRGWMS5H
running version check
OK: UCS version on DCMXXXX.XXXXXX.bi is higher or equal (4.14) to the local version (4.14).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Tue Mar 7 20:56:59 CET 2017
univention-server-join: joins a server to an univention domain
copyright (c) 2001-2017 Univention GmbH, Germany
ldap_dn="cn=XXXXXX,cn=dc,cn=computers,dc=XXXXXX,dc=bi"
/etc/idp-ldap-user.secret could not be read!
Create ldap/hostdn
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.virtualwithcanonical
File: /etc/pam_ldap.conf
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.saslusermapping
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/cron.d/univention-directory-policy
Multifile: /etc/simplesamlphp/authsources.php
Multifile: /etc/postfix/ldap.sharedfolderremote
Multifile: /etc/postfix/ldap.canonicalsender
/etc/idp-ldap-user.secret could not be read!
Setting ldap/server/name
Setting ldap/server/ip
Not updating ldap/server/port
Create ldap/master
Not updating ldap/master/port
Setting ldap/server/type
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/postfix/ldap.virtualwithcanonical
File: /etc/pam_ldap.conf
File: /etc/krb5.conf
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.saslusermapping
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/init.d/slapd
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Multifile: /etc/simplesamlphp/authsources.php
Multifile: /etc/postfix/ldap.sharedfolderremote
File: /etc/ntp.conf
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/ldap/ldap.conf
rsync: opendir "/etc/univention/ssl/unassigned-hostname.unassigned-domain" failed: Permission denied (13)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1536) [generator=3.0.9]
Could not chdir to home directory /dev/null: Not a directory
Could not chdir to home directory /dev/null: Not a directory
Setting ssl/country
Setting ssl/state
Setting ssl/locality
Setting ssl/organization
Setting ssl/organizationalunit
Setting ssl/common
Setting ssl/email
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Not updating ldap/server/name
Not updating ldap/master
Setting kerberos/realm
File: /etc/krb5.conf
File: /etc/heimdal-kdc/kdc.conf
Setting windows/domain
File: /etc/krb5.conf
Setting dns/forwarder1
File: /etc/bind/named.conf.proxy
File: /etc/bind/named.conf.samba4
Configure 01univention-ldap-server-init.inst Tue Mar 7 20:57:30 CET 2017
2017-03-07 20:57:30.802339813+01:00 (in joinscript_init)
Starting ldap server(s): slapd ...failed.
58bf10ab /etc/ldap/slapd.conf: line 164: unknown attr "@univentionVirtualMachine" in to clause 58bf10ab <access clause> ::= access to <what> [ by <who> [ <access> ] [ <control> ] ]+ <what> ::= bin boot dev etc home initrd.img initrd.img.install lib lib64 lost+found media mnt opt proc root run sbin selinux srv sys tmp usr var vmlinuz vmlinuz.install www | dn[.<dnstyle>=<DN>] [filter=<filter>] [attrs=<attrspec>] <attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist> <attrlist> ::= <attr> [ , <attrlist> ] <attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children <who> ::= [ bin boot dev etc home initrd.img initrd.img.install lib lib64 lost+found media mnt opt proc root run sbin selinux srv sys tmp usr var vmlinuz vmlinuz.install www | anonymous | users | self | dn[.<dnstyle>]=<DN> ] [ realanonymous | realusers | realself | realdn[.<dnstyle>]=<DN> ] [dnattr=<attrname>] [realdnattr=<attrname>] [group[/<objectclass>[/<attrname>]][.<style>]=<group>] [peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>] [domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>] [dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]] [ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>] <style> ::= exact | regex | base(Object) <dnstyle> ::= base(Object) | one(level) | sub(tree) | children | exact | regex <attrstyle> ::= exact | regex | base(Object) | one(level) | sub(tree) | children <peernamestyle> ::= exact | regex | ip | ipv6 | path <domainstyle> ::= exact | regex | base(Object) | sub(tree) <access> ::= [[real]self]{<level>|<priv>} <level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage <priv> ::= {=|+|-}{0|d|x|c|s|r|{w|a|z}|m}+ <control> ::= [ stop | continue | break ] dynacl: <name>=ACI <pattern>=<attrname> slapschema: bad configuration file!.
invoke-rc.d: initscript slapd, action "start" failed.
2017-03-07 20:57:31.245834998+01:00 (in joinscript_save_current_version)
Configure 02univention-directory-notifier.inst Tue Mar 7 20:57:31 CET 2017
2017-03-07 20:57:31.257521687+01:00 (in joinscript_init)
Starting Univention Directory Notifier daemon.
warning: univention-directory-notifier: unable to open supervise/ok: file does not exist
failed.
2017-03-07 20:57:31.287716488+01:00 (in joinscript_save_current_version)
Configure 03univention-directory-listener.inst Tue Mar 7 20:57:31 CET 2017
2017-03-07 20:57:31.298666938+01:00 (in joinscript_init)
warning: univention-directory-listener: unable to open supervise/ok: file does not exist
Create ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
07.03.17 20:57:31.948 DEBUG_INIT
UNIVENTION_DEBUG_BEGIN : uldap.__open host=DCMXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
UNIVENTION_DEBUG_END : uldap.__open host=DCMXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
07.03.17 20:57:32.740 LISTENER ( WARN ) : handler: replication (not ready) (ignore)
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
07.03.17 20:57:34.135 LISTENER ( WARN ) : handler: faillog (not ready) (ignore)
07.03.17 20:57:34.136 LISTENER ( WARN ) : Set Schema ID to 16
07.03.17 20:57:34.136 LISTENER ( WARN ) : initializing module replication
File: /var/lib/univention-ldap/ldap/DB_CONFIG
slapd: Kein Prozess gefunden
File: /var/lib/univention-ldap/ldap/DB_CONFIG
Starting ldap server(s): slapd ...done.
Restarting ldap server(s).
Stopping ldap server(s): slapd ...retry #1....done.
Starting ldap server(s): slapd ...done.
07.03.17 20:57:50.806 LISTENER ( ERROR ) : replication: Invalid syntax; dn="uid=Guest,cn=users,dc=XXXXXX,dc=bi": Error
07.03.17 20:57:50.806 LISTENER ( ERROR ) : additional info: objectClass: value #12 invalid per syntax
07.03.17 20:57:51.958 LISTENER ( WARN ) : finished initializing module replication with rv=0
07.03.17 20:57:51.958 LISTENER ( WARN ) : initializing module nfs-homes
07.03.17 20:57:51.968 LISTENER ( WARN ) : finished initializing module nfs-homes with rv=0
07.03.17 20:57:51.968 LISTENER ( WARN ) : initializing module keytab-member
07.03.17 20:57:51.978 LISTENER ( WARN ) : finished initializing module keytab-member with rv=0
07.03.17 20:57:51.978 LISTENER ( WARN ) : initializing module gencertificate
07.03.17 20:57:51.989 LISTENER ( WARN ) : finished initializing module gencertificate with rv=0
07.03.17 20:57:51.989 LISTENER ( WARN ) : initializing module well-known-sid-name-mapping
07.03.17 20:57:52.043 LISTENER ( PROCESS ) : well-known-sid-name-mapping: ucr set groups/default/printoperators=Printer-Admins
07.03.17 20:57:53.020 LISTENER ( WARN ) : finished initializing module well-known-sid-name-mapping with rv=0
07.03.17 20:57:53.020 LISTENER ( WARN ) : initializing module ldap_extension
07.03.17 20:57:54.517 LISTENER ( WARN ) : finished initializing module ldap_extension with rv=0
07.03.17 20:57:54.517 LISTENER ( WARN ) : initializing module faillog
07.03.17 20:57:54.533 LISTENER ( WARN ) : finished initializing module faillog with rv=0
07.03.17 20:57:54.533 LISTENER ( WARN ) : initializing module umc-service-providers
07.03.17 20:57:55.170 LISTENER ( WARN ) : finished initializing module umc-service-providers with rv=0
07.03.17 20:57:55.171 LISTENER ( WARN ) : initializing module univention-saml-simplesamlphp-configuration
07.03.17 20:57:55.616 LISTENER ( WARN ) : finished initializing module univention-saml-simplesamlphp-configuration with rv=0
07.03.17 20:57:55.616 LISTENER ( WARN ) : initializing module nagios-client
07.03.17 20:57:55.655 LISTENER ( WARN ) : finished initializing module nagios-client with rv=0
07.03.17 20:57:55.655 LISTENER ( WARN ) : initializing module ldap_server
07.03.17 20:57:56.793 LISTENER ( WARN ) : finished initializing module ldap_server with rv=0
07.03.17 20:57:56.793 LISTENER ( WARN ) : initializing module univention-saml-servers
07.03.17 20:57:57.153 LISTENER ( WARN ) : finished initializing module univention-saml-servers with rv=0
07.03.17 20:57:57.153 LISTENER ( WARN ) : initializing module quota
UNIVENTION_DEBUG_BEGIN : uldap.__open host=XXXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
Create groups/default/printoperators
File: /etc/security/access-sudo.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/security/access-ftp.conf
File: /etc/security/access-kscreensaver.conf
File: /etc/security/access-passwd.conf
File: /etc/security/access-su.conf
File: /etc/security/access-chfn.conf
File: /etc/security/access-cron.conf
File: /etc/security/access-kdm.conf
File: /etc/security/access-rsh.conf
File: /etc/security/access-chsh.conf
File: /etc/security/access-kcheckpass.conf
File: /etc/security/access-kde.conf
File: /etc/security/access-ppp.conf
File: /etc/security/access-rlogin.conf
File: /etc/security/access-screen.conf
File: /etc/security/access-login.conf
File: /etc/security/access-gdm.conf
File: /etc/security/access-sshd.conf
File: /etc/security/access-other.conf
File: /etc/security/limits.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Create umc/saml/trusted/sp/ucsHOT.XXXXXX.bi
File: /etc/ldap/sasl2/slapd.conf
Create umc/saml/trusted/sp/DCMXXXX.XXXXXX.bi
File: /etc/ldap/sasl2/slapd.conf
Create ldap/backup
File: /etc/ntp.conf
File: /etc/default/ntpdate
Setting ldap/backup
File: /etc/ntp.conf
File: /etc/default/ntpdate
Setting ldap/master
Setting kerberos/adminserver
File: /etc/ntp.conf
File: /etc/krb5.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Create ucs/server/saml-idp-server/DCMXXXX.XXXXXX.bi
File: /etc/stunnel/univention_saml.conf
File: /etc/simplesamlphp/config.php
Traceback (most recent call last):
File "/usr/lib/univention-directory-listener/system/quota.py", line 213, in handler
if _is_container_change_relevant(new, old):
File "/usr/lib/univention-directory-listener/system/quota.py", line 139, in _is_container_change_relevant
lo = _get_ldap_connection()
File "/usr/lib/univention-directory-listener/system/quota.py", line 116, in _get_ldap_connection
connection = univention.uldap.getMachineConnection(ldap_master=False)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 89, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
07.03.17 20:57:57.179 LISTENER ( WARN ) : handler: quota (failed)
UNIVENTION_DEBUG_BEGIN : uldap.__open host=XXXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
UNIVENTION_DEBUG_END : uldap.__open host=XXXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
Traceback (most recent call last):
File "/usr/lib/univention-directory-listener/system/quota.py", line 213, in handler
if _is_container_change_relevant(new, old):
File "/usr/lib/univention-directory-listener/system/quota.py", line 139, in _is_container_change_relevant
lo = _get_ldap_connection()
File "/usr/lib/univention-directory-listener/system/quota.py", line 116, in _get_ldap_connection
connection = univention.uldap.getMachineConnection(ldap_master=False)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 89, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
07.03.17 20:57:57.189 LISTENER ( WARN ) : handler: quota (failed)
07.03.17 20:57:57.191 LISTENER ( WARN ) : finished initializing module quota with rv=0
07.03.17 20:57:57.191 LISTENER ( WARN ) : initializing module license_uuid
07.03.17 20:57:57.404 LISTENER ( WARN ) : finished initializing module license_uuid with rv=0
07.03.17 20:57:57.404 LISTENER ( WARN ) : initializing module nscd_update
07.03.17 20:57:57.420 LISTENER ( WARN ) : finished initializing module nscd_update with rv=0
07.03.17 20:57:57.420 LISTENER ( WARN ) : initializing module nss
07.03.17 20:57:57.433 LISTENER ( WARN ) : finished initializing module nss with rv=0
07.03.17 20:57:57.433 LISTENER ( WARN ) : initializing module nfs-shares
07.03.17 20:57:57.442 LISTENER ( WARN ) : finished initializing module nfs-shares with rv=0
07.03.17 20:57:57.442 LISTENER ( WARN ) : initializing module udm_extension
07.03.17 20:57:57.940 LISTENER ( WARN ) : finished initializing module udm_extension with rv=0
07.03.17 20:57:57.940 LISTENER ( WARN ) : initializing module keytab
kadmin: ext host/XXXXXX.XXXXXX.bi@XXXXXX.BI: Principal does not exist
07.03.17 20:57:57.960 LISTENER ( WARN ) : finished initializing module keytab with rv=0
07.03.17 20:57:57.960 LISTENER ( WARN ) : initializing module hosteddomains
07.03.17 20:57:58.204 LISTENER ( WARN ) : finished initializing module hosteddomains with rv=0
07.03.17 20:57:58.204 LISTENER ( WARN ) : initializing module bind
07.03.17 20:57:58.219 LISTENER ( WARN ) : finished initializing module bind with rv=0
07.03.17 20:57:58.219 LISTENER ( WARN ) : initializing module pkgdb-watch
07.03.17 20:57:58.229 LISTENER ( WARN ) : finished initializing module pkgdb-watch with rv=0
17052
07.03.17 20:57:58.614 LISTENER ( PROCESS ) : ldap_extension: Reloading LDAP server.
Initiating graceful reload of ldap server(s).
Sending HUP to ldap server(s): slapd ...retry #1....retry #2....done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
17354
Initiating graceful reload of ldap server(s).
Sending HUP to ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
Stopping nagios-nrpe: nagios-nrpe.
Starting nagios-nrpe: nagios-nrpe.
Traceback (most recent call last):
File "/usr/lib/univention-pam/ldap-group-to-file.py", line 109, in <module>
lo = univention.uldap.getMachineConnection( ldap_master=False )
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 89, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
Create license/base
Create uuid/license
File: /etc/apt/apt.conf.d/55user_agent
Create mail/hosteddomains
Module: create-archivefolder
Setting ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
Starting univention-directory-listener daemon.
done.
2017-03-07 20:58:31.269180873+01:00 (in joinscript_save_current_version)
Tue Mar 7 20:58:31 CET 2017: finish /usr/share/univention-join/univention-join
Tue Mar 7 21:16:03 CET 2017: starting /usr/sbin/univention-join
running version check
OK: UCS version on DCMXXXX.XXXXXX.bi is higher or equal (4.14) to the local version (4.14).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
Tue Mar 7 21:17:07 CET 2017
univention-server-join: joins a server to an univention domain
copyright (c) 2001-2017 Univention GmbH, Germany
ldap_dn="cn=XXXXXX,cn=dc,cn=computers,dc=XXXXXX,dc=bi"
/etc/idp-ldap-user.secret could not be read!
Setting hostname
Setting ldap/hostdn
File: /etc/stunnel/univention_saml.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/welcome.msg
Multifile: /etc/simplesamlphp/metadata/saml20-idp-hosted.php
File: /etc/pam_ldap.conf
File: /etc/issue
Multifile: /etc/hosts
File: /etc/dhcp/dhclient.conf
Multifile: /etc/postfix/ldap.transport
Multifile: /etc/postfix/ldap.canonicalrecipient
File: /etc/apache2/conf.d/ucs.conf
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/simplesamlphp/config.php
Multifile: /etc/simplesamlphp/authsources.php
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/mailname
File: /etc/cron.d/univention-directory-policy
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/apache2/sites-available/default-ssl
Multifile: /etc/postfix/main.cf
Multifile: /etc/postfix/ldap.virtualwithcanonical
Multifile: /etc/postfix/ldap.sharedfolderremote
File: /etc/hostname
Multifile: /etc/postfix/ldap.saslusermapping
File: /var/www/ucs-overview/entries.json
Multifile: /etc/pam.d/univention-management-console
ok: down: univention-directory-notifier: 0s
ok: down: univention-directory-listener: 18s
/etc/idp-ldap-user.secret could not be read!
Setting ldap/server/name
Setting ldap/server/ip
Not updating ldap/server/port
Setting ldap/master
Not updating ldap/master/port
Setting ldap/server/type
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/postfix/ldap.virtualwithcanonical
File: /etc/pam_ldap.conf
File: /etc/krb5.conf
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.saslusermapping
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/init.d/slapd
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Multifile: /etc/simplesamlphp/authsources.php
Multifile: /etc/postfix/ldap.sharedfolderremote
File: /etc/ntp.conf
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/ldap/ldap.conf
rsync: opendir "/etc/univention/ssl/unassigned-hostname.unassigned-domain" failed: Permission denied (13)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1536) [generator=3.0.9]
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
Could not chdir to home directory /dev/null: Not a directory
Could not chdir to home directory /dev/null: Not a directory
Setting ssl/country
Setting ssl/state
Setting ssl/locality
Setting ssl/organization
Setting ssl/organizationalunit
Setting ssl/common
Setting ssl/email
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
Not updating ldap/server/name
Not updating ldap/master
Setting kerberos/realm
File: /etc/krb5.conf
File: /etc/heimdal-kdc/kdc.conf
Setting windows/domain
File: /etc/krb5.conf
Setting dns/forwarder1
File: /etc/bind/named.conf.proxy
File: /etc/bind/named.conf.samba4
Configure 01univention-ldap-server-init.inst Tue Mar 7 21:17:39 CET 2017
2017-03-07 21:17:39.975301131+01:00 (in joinscript_init)
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
invoke-rc.d: initscript slapd, action "start" failed.
2017-03-07 21:17:40.975534410+01:00 (in joinscript_save_current_version)
Configure 02univention-directory-notifier.inst Tue Mar 7 21:17:40 CET 2017
2017-03-07 21:17:40.985492299+01:00 (in joinscript_init)
Starting Univention Directory Notifier daemon.
ok: run: univention-directory-notifier: (pid 5726) 0s, normally down
done.
2017-03-07 21:17:41.432129101+01:00 (in joinscript_save_current_version)
Configure 03univention-directory-listener.inst Tue Mar 7 21:17:41 CET 2017
2017-03-07 21:17:41.441680728+01:00 (in joinscript_init)
Setting ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
07.03.17 21:17:42.208 DEBUG_INIT
UNIVENTION_DEBUG_BEGIN : uldap.__open host=DCMXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
UNIVENTION_DEBUG_END : uldap.__open host=DCMXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
07.03.17 21:17:42.688 LISTENER ( WARN ) : handler: replication (not ready) (ignore)
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
07.03.17 21:17:43.996 LISTENER ( WARN ) : handler: faillog (not ready) (ignore)
07.03.17 21:17:43.997 LISTENER ( WARN ) : Set Schema ID to 16
07.03.17 21:17:43.997 LISTENER ( WARN ) : initializing module replication
File: /var/lib/univention-ldap/ldap/DB_CONFIG
slapd: Kein Prozess gefunden
File: /var/lib/univention-ldap/ldap/DB_CONFIG
Starting ldap server(s): slapd ...done.
Restarting ldap server(s).
Stopping ldap server(s): slapd ...retry #1....done.
Starting ldap server(s): slapd ...done.
07.03.17 21:18:00.311 LISTENER ( ERROR ) : replication: Invalid syntax; dn="uid=Guest,cn=users,dc=XXXXXX,dc=bi": Error
07.03.17 21:18:00.311 LISTENER ( ERROR ) : additional info: objectClass: value #12 invalid per syntax
07.03.17 21:18:01.449 LISTENER ( WARN ) : finished initializing module replication with rv=0
07.03.17 21:18:01.449 LISTENER ( WARN ) : initializing module nfs-homes
07.03.17 21:18:01.459 LISTENER ( WARN ) : finished initializing module nfs-homes with rv=0
07.03.17 21:18:01.459 LISTENER ( WARN ) : initializing module keytab-member
07.03.17 21:18:01.468 LISTENER ( WARN ) : finished initializing module keytab-member with rv=0
07.03.17 21:18:01.468 LISTENER ( WARN ) : initializing module gencertificate
07.03.17 21:18:01.480 LISTENER ( WARN ) : finished initializing module gencertificate with rv=0
07.03.17 21:18:01.480 LISTENER ( WARN ) : initializing module well-known-sid-name-mapping
07.03.17 21:18:01.532 LISTENER ( PROCESS ) : well-known-sid-name-mapping: ucr set groups/default/printoperators=Printer-Admins
07.03.17 21:18:02.518 LISTENER ( WARN ) : finished initializing module well-known-sid-name-mapping with rv=0
07.03.17 21:18:02.518 LISTENER ( WARN ) : initializing module ldap_extension
07.03.17 21:18:03.949 LISTENER ( WARN ) : finished initializing module ldap_extension with rv=0
07.03.17 21:18:03.949 LISTENER ( WARN ) : initializing module faillog
07.03.17 21:18:03.964 LISTENER ( WARN ) : finished initializing module faillog with rv=0
07.03.17 21:18:03.964 LISTENER ( WARN ) : initializing module umc-service-providers
07.03.17 21:18:04.870 LISTENER ( WARN ) : finished initializing module umc-service-providers with rv=0
07.03.17 21:18:04.870 LISTENER ( WARN ) : initializing module univention-saml-simplesamlphp-configuration
07.03.17 21:18:05.189 LISTENER ( WARN ) : finished initializing module univention-saml-simplesamlphp-configuration with rv=0
07.03.17 21:18:05.189 LISTENER ( WARN ) : initializing module nagios-client
07.03.17 21:18:05.284 LISTENER ( WARN ) : finished initializing module nagios-client with rv=0
07.03.17 21:18:05.284 LISTENER ( WARN ) : initializing module ldap_server
07.03.17 21:18:05.993 LISTENER ( WARN ) : finished initializing module ldap_server with rv=0
07.03.17 21:18:05.993 LISTENER ( WARN ) : initializing module univention-saml-servers
07.03.17 21:18:06.340 LISTENER ( WARN ) : finished initializing module univention-saml-servers with rv=0
07.03.17 21:18:06.341 LISTENER ( WARN ) : initializing module quota
UNIVENTION_DEBUG_BEGIN : uldap.__open host=XXXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
Setting groups/default/printoperators
File: /etc/security/access-sudo.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/security/access-ftp.conf
File: /etc/security/access-kscreensaver.conf
File: /etc/security/access-passwd.conf
File: /etc/security/access-su.conf
File: /etc/security/access-chfn.conf
File: /etc/security/access-cron.conf
File: /etc/security/access-kdm.conf
File: /etc/security/access-rsh.conf
File: /etc/security/access-chsh.conf
File: /etc/security/access-kcheckpass.conf
File: /etc/security/access-kde.conf
File: /etc/security/access-ppp.conf
File: /etc/security/access-rlogin.conf
File: /etc/security/access-screen.conf
File: /etc/security/access-login.conf
File: /etc/security/access-gdm.conf
File: /etc/security/access-sshd.conf
File: /etc/security/access-other.conf
File: /etc/security/limits.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Setting umc/saml/trusted/sp/ucsHOT.XXXXXX.bi
File: /etc/ldap/sasl2/slapd.conf
Setting umc/saml/trusted/sp/XXXXXX.XXXXXX.bi
File: /etc/ldap/sasl2/slapd.conf
Setting umc/saml/trusted/sp/DCMXXXX.XXXXXX.bi
File: /etc/ldap/sasl2/slapd.conf
Setting ldap/master
Setting kerberos/adminserver
File: /etc/ntp.conf
File: /etc/krb5.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Setting ucs/server/saml-idp-server/DCMXXXX.XXXXXX.bi
File: /etc/stunnel/univention_saml.conf
File: /etc/simplesamlphp/config.php
Traceback (most recent call last):
File "/usr/lib/univention-directory-listener/system/quota.py", line 213, in handler
if _is_container_change_relevant(new, old):
File "/usr/lib/univention-directory-listener/system/quota.py", line 139, in _is_container_change_relevant
lo = _get_ldap_connection()
File "/usr/lib/univention-directory-listener/system/quota.py", line 116, in _get_ldap_connection
connection = univention.uldap.getMachineConnection(ldap_master=False)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 89, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
07.03.17 21:18:06.381 LISTENER ( WARN ) : handler: quota (failed)
UNIVENTION_DEBUG_BEGIN : uldap.__open host=XXXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
UNIVENTION_DEBUG_END : uldap.__open host=XXXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
Traceback (most recent call last):
File "/usr/lib/univention-directory-listener/system/quota.py", line 213, in handler
if _is_container_change_relevant(new, old):
File "/usr/lib/univention-directory-listener/system/quota.py", line 139, in _is_container_change_relevant
lo = _get_ldap_connection()
File "/usr/lib/univention-directory-listener/system/quota.py", line 116, in _get_ldap_connection
connection = univention.uldap.getMachineConnection(ldap_master=False)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 89, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
07.03.17 21:18:06.399 LISTENER ( WARN ) : handler: quota (failed)
07.03.17 21:18:06.403 LISTENER ( WARN ) : finished initializing module quota with rv=0
07.03.17 21:18:06.404 LISTENER ( WARN ) : initializing module license_uuid
07.03.17 21:18:06.700 LISTENER ( WARN ) : finished initializing module license_uuid with rv=0
07.03.17 21:18:06.700 LISTENER ( WARN ) : initializing module nscd_update
07.03.17 21:18:06.715 LISTENER ( WARN ) : finished initializing module nscd_update with rv=0
07.03.17 21:18:06.715 LISTENER ( WARN ) : initializing module nss
07.03.17 21:18:06.729 LISTENER ( WARN ) : finished initializing module nss with rv=0
07.03.17 21:18:06.729 LISTENER ( WARN ) : initializing module nfs-shares
07.03.17 21:18:06.737 LISTENER ( WARN ) : finished initializing module nfs-shares with rv=0
07.03.17 21:18:06.737 LISTENER ( WARN ) : initializing module udm_extension
07.03.17 21:18:07.359 LISTENER ( WARN ) : finished initializing module udm_extension with rv=0
07.03.17 21:18:07.359 LISTENER ( WARN ) : initializing module keytab
kadmin: ext host/XXXXXX.XXXXXX.bi@XXXXXX.BI: Principal does not exist
07.03.17 21:18:07.378 LISTENER ( WARN ) : finished initializing module keytab with rv=0
07.03.17 21:18:07.378 LISTENER ( WARN ) : initializing module hosteddomains
07.03.17 21:18:07.390 LISTENER ( WARN ) : finished initializing module hosteddomains with rv=0
07.03.17 21:18:07.391 LISTENER ( WARN ) : initializing module bind
07.03.17 21:18:07.403 LISTENER ( WARN ) : finished initializing module bind with rv=0
07.03.17 21:18:07.403 LISTENER ( WARN ) : initializing module pkgdb-watch
07.03.17 21:18:07.413 LISTENER ( WARN ) : finished initializing module pkgdb-watch with rv=0
5875
07.03.17 21:18:07.563 LISTENER ( PROCESS ) : ldap_extension: Reloading LDAP server.
Initiating graceful reload of ldap server(s).
Sending HUP to ldap server(s): slapd ...retry #1....retry #2....done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
6067
Initiating graceful reload of ldap server(s).
Sending HUP to ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
Stopping nagios-nrpe: nagios-nrpe.
Starting nagios-nrpe: nagios-nrpe.
Traceback (most recent call last):
File "/usr/lib/univention-pam/ldap-group-to-file.py", line 109, in <module>
lo = univention.uldap.getMachineConnection( ldap_master=False )
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 89, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
Setting license/base
Setting uuid/license
File: /etc/apt/apt.conf.d/55user_agent
Setting ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
Starting univention-directory-listener daemon.
done.
2017-03-07 21:18:40.327992881+01:00 (in joinscript_save_current_version)
Tue Mar 7 21:18:40 CET 2017: finish /usr/sbin/univention-join
Tue Mar 7 21:45:35 CET 2017: starting /usr/sbin/univention-join
running version check
OK: UCS version on DCMXXXX.XXXXXX.bi is higher or equal (4.14) to the local version (4.14).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Tue Mar 7 21:46:00 CET 2017
univention-server-join: joins a server to an univention domain
copyright (c) 2001-2017 Univention GmbH, Germany
ldap_dn="cn=XXXXXX,cn=dc,cn=computers,dc=XXXXXX,dc=bi"
/etc/idp-ldap-user.secret could not be read!
Setting hostname
Setting ldap/hostdn
File: /etc/stunnel/univention_saml.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/welcome.msg
Multifile: /etc/simplesamlphp/metadata/saml20-idp-hosted.php
File: /etc/pam_ldap.conf
File: /etc/issue
Multifile: /etc/hosts
File: /etc/dhcp/dhclient.conf
File: /etc/apache2/conf.d/ucs.conf
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/simplesamlphp/config.php
Multifile: /etc/simplesamlphp/authsources.php
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/mailname
File: /etc/cron.d/univention-directory-policy
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/apache2/sites-available/default-ssl
Multifile: /etc/postfix/main.cf
Multifile: /etc/postfix/ldap.virtualwithcanonical
Multifile: /etc/postfix/ldap.sharedfolderremote
File: /etc/hostname
Multifile: /etc/postfix/ldap.saslusermapping
File: /var/www/ucs-overview/entries.json
Multifile: /etc/pam.d/univention-management-console
ok: down: univention-directory-notifier: 0s
ok: down: univention-directory-listener: 863s
/etc/idp-ldap-user.secret could not be read!
Setting ldap/server/name
Setting ldap/server/ip
Not updating ldap/server/port
Setting ldap/master
Not updating ldap/master/port
Setting ldap/server/type
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/postfix/ldap.virtualwithcanonical
File: /etc/pam_ldap.conf
File: /etc/krb5.conf
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.saslusermapping
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/init.d/slapd
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Multifile: /etc/simplesamlphp/authsources.php
Multifile: /etc/postfix/ldap.sharedfolderremote
File: /etc/ntp.conf
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/ldap/ldap.conf
rsync: opendir "/etc/univention/ssl/unassigned-hostname.unassigned-domain" failed: Permission denied (13)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1536) [generator=3.0.9]
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
Could not chdir to home directory /dev/null: Not a directory
Could not chdir to home directory /dev/null: Not a directory
Setting ssl/country
Setting ssl/state
Setting ssl/locality
Setting ssl/organization
Setting ssl/organizationalunit
Setting ssl/common
Setting ssl/email
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Not updating ldap/server/name
Not updating ldap/master
Setting kerberos/realm
File: /etc/krb5.conf
File: /etc/heimdal-kdc/kdc.conf
Setting windows/domain
File: /etc/krb5.conf
Setting dns/forwarder1
File: /etc/bind/named.conf.proxy
File: /etc/bind/named.conf.samba4
Configure 01univention-ldap-server-init.inst Tue Mar 7 21:46:33 CET 2017
2017-03-07 21:46:33.754984922+01:00 (in joinscript_init)
Starting ldap server(s): slapd ...done.
2017-03-07 21:46:34.022920882+01:00 (in joinscript_save_current_version)
Configure 02univention-directory-notifier.inst Tue Mar 7 21:46:34 CET 2017
2017-03-07 21:46:34.032530397+01:00 (in joinscript_init)
Starting Univention Directory Notifier daemon.
ok: run: univention-directory-notifier: (pid 8177) 0s, normally down
done.
2017-03-07 21:46:34.477245909+01:00 (in joinscript_save_current_version)
Configure 03univention-directory-listener.inst Tue Mar 7 21:46:34 CET 2017
2017-03-07 21:46:34.486286573+01:00 (in joinscript_init)
Setting ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
07.03.17 21:46:35.209 DEBUG_INIT
UNIVENTION_DEBUG_BEGIN : uldap.__open host=DCMXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
UNIVENTION_DEBUG_END : uldap.__open host=DCMXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
07.03.17 21:46:35.622 LISTENER ( WARN ) : handler: replication (not ready) (ignore)
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
07.03.17 21:46:36.917 LISTENER ( WARN ) : handler: faillog (not ready) (ignore)
07.03.17 21:46:36.919 LISTENER ( WARN ) : Set Schema ID to 16
07.03.17 21:46:36.919 LISTENER ( WARN ) : initializing module replication
…and the continuation…
File: /var/lib/univention-ldap/ldap/DB_CONFIG
slapd: Kein Prozess gefunden
File: /var/lib/univention-ldap/ldap/DB_CONFIG
Starting ldap server(s): slapd ...done.
Restarting ldap server(s).
Stopping ldap server(s): slapd ...retry #1....done.
Starting ldap server(s): slapd ...done.
07.03.17 21:46:53.152 LISTENER ( ERROR ) : replication: Invalid syntax; dn="uid=Guest,cn=users,dc=XXXXXX,dc=bi": Error
07.03.17 21:46:53.152 LISTENER ( ERROR ) : additional info: objectClass: value #12 invalid per syntax
07.03.17 21:46:54.275 LISTENER ( WARN ) : finished initializing module replication with rv=0
07.03.17 21:46:54.275 LISTENER ( WARN ) : initializing module nfs-homes
07.03.17 21:46:54.288 LISTENER ( WARN ) : finished initializing module nfs-homes with rv=0
07.03.17 21:46:54.288 LISTENER ( WARN ) : initializing module keytab-member
07.03.17 21:46:54.303 LISTENER ( WARN ) : finished initializing module keytab-member with rv=0
07.03.17 21:46:54.303 LISTENER ( WARN ) : initializing module gencertificate
07.03.17 21:46:54.319 LISTENER ( WARN ) : finished initializing module gencertificate with rv=0
07.03.17 21:46:54.319 LISTENER ( WARN ) : initializing module well-known-sid-name-mapping
07.03.17 21:46:54.374 LISTENER ( PROCESS ) : well-known-sid-name-mapping: ucr set groups/default/printoperators=Printer-Admins
07.03.17 21:46:55.577 LISTENER ( WARN ) : finished initializing module well-known-sid-name-mapping with rv=0
07.03.17 21:46:55.577 LISTENER ( WARN ) : initializing module ldap_extension
07.03.17 21:46:57.024 LISTENER ( WARN ) : finished initializing module ldap_extension with rv=0
07.03.17 21:46:57.024 LISTENER ( WARN ) : initializing module faillog
07.03.17 21:46:57.041 LISTENER ( WARN ) : finished initializing module faillog with rv=0
07.03.17 21:46:57.042 LISTENER ( WARN ) : initializing module umc-service-providers
07.03.17 21:46:57.872 LISTENER ( WARN ) : finished initializing module umc-service-providers with rv=0
07.03.17 21:46:57.872 LISTENER ( WARN ) : initializing module univention-saml-simplesamlphp-configuration
07.03.17 21:46:58.127 LISTENER ( WARN ) : finished initializing module univention-saml-simplesamlphp-configuration with rv=0
07.03.17 21:46:58.127 LISTENER ( WARN ) : initializing module nagios-client
07.03.17 21:46:58.142 LISTENER ( WARN ) : finished initializing module nagios-client with rv=0
07.03.17 21:46:58.142 LISTENER ( WARN ) : initializing module ldap_server
07.03.17 21:46:58.699 LISTENER ( WARN ) : finished initializing module ldap_server with rv=0
07.03.17 21:46:58.699 LISTENER ( WARN ) : initializing module univention-saml-servers
07.03.17 21:46:59.247 LISTENER ( WARN ) : finished initializing module univention-saml-servers with rv=0
07.03.17 21:46:59.247 LISTENER ( WARN ) : initializing module quota
UNIVENTION_DEBUG_BEGIN : uldap.__open host=XXXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
Setting groups/default/printoperators
File: /etc/security/access-sudo.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/security/access-ftp.conf
File: /etc/security/access-kscreensaver.conf
File: /etc/security/access-passwd.conf
File: /etc/security/access-su.conf
File: /etc/security/access-chfn.conf
File: /etc/security/access-cron.conf
File: /etc/security/access-kdm.conf
File: /etc/security/access-rsh.conf
File: /etc/security/access-chsh.conf
File: /etc/security/access-kcheckpass.conf
File: /etc/security/access-kde.conf
File: /etc/security/access-ppp.conf
File: /etc/security/access-rlogin.conf
File: /etc/security/access-screen.conf
File: /etc/security/access-login.conf
File: /etc/security/access-gdm.conf
File: /etc/security/access-sshd.conf
File: /etc/security/access-other.conf
File: /etc/security/limits.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Setting umc/saml/trusted/sp/ucsHOT.XXXXXX.bi
File: /etc/ldap/sasl2/slapd.conf
Setting umc/saml/trusted/sp/XXXXXX.XXXXXX.bi
File: /etc/ldap/sasl2/slapd.conf
Setting umc/saml/trusted/sp/DCMXXXX.XXXXXX.bi
File: /etc/ldap/sasl2/slapd.conf
Setting ldap/master
Setting kerberos/adminserver
File: /etc/ntp.conf
File: /etc/krb5.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Setting ucs/server/saml-idp-server/DCMXXXX.XXXXXX.bi
File: /etc/stunnel/univention_saml.conf
File: /etc/simplesamlphp/config.php
Traceback (most recent call last):
File "/usr/lib/univention-directory-listener/system/quota.py", line 213, in handler
if _is_container_change_relevant(new, old):
File "/usr/lib/univention-directory-listener/system/quota.py", line 139, in _is_container_change_relevant
lo = _get_ldap_connection()
File "/usr/lib/univention-directory-listener/system/quota.py", line 116, in _get_ldap_connection
connection = univention.uldap.getMachineConnection(ldap_master=False)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 89, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
07.03.17 21:46:59.273 LISTENER ( WARN ) : handler: quota (failed)
UNIVENTION_DEBUG_BEGIN : uldap.__open host=XXXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
UNIVENTION_DEBUG_END : uldap.__open host=XXXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
Traceback (most recent call last):
File "/usr/lib/univention-directory-listener/system/quota.py", line 213, in handler
if _is_container_change_relevant(new, old):
File "/usr/lib/univention-directory-listener/system/quota.py", line 139, in _is_container_change_relevant
lo = _get_ldap_connection()
File "/usr/lib/univention-directory-listener/system/quota.py", line 116, in _get_ldap_connection
connection = univention.uldap.getMachineConnection(ldap_master=False)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 89, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
07.03.17 21:46:59.282 LISTENER ( WARN ) : handler: quota (failed)
07.03.17 21:46:59.284 LISTENER ( WARN ) : finished initializing module quota with rv=0
07.03.17 21:46:59.284 LISTENER ( WARN ) : initializing module license_uuid
07.03.17 21:46:59.553 LISTENER ( WARN ) : finished initializing module license_uuid with rv=0
07.03.17 21:46:59.553 LISTENER ( WARN ) : initializing module nscd_update
07.03.17 21:46:59.572 LISTENER ( WARN ) : finished initializing module nscd_update with rv=0
07.03.17 21:46:59.572 LISTENER ( WARN ) : initializing module nss
07.03.17 21:46:59.591 LISTENER ( WARN ) : finished initializing module nss with rv=0
07.03.17 21:46:59.591 LISTENER ( WARN ) : initializing module nfs-shares
07.03.17 21:46:59.602 LISTENER ( WARN ) : finished initializing module nfs-shares with rv=0
07.03.17 21:46:59.602 LISTENER ( WARN ) : initializing module udm_extension
07.03.17 21:47:00.174 LISTENER ( WARN ) : finished initializing module udm_extension with rv=0
07.03.17 21:47:00.175 LISTENER ( WARN ) : initializing module keytab
kadmin: ext host/XXXXXX.XXXXXX.bi@XXXXXX.BI: Principal does not exist
07.03.17 21:47:00.195 LISTENER ( WARN ) : finished initializing module keytab with rv=0
07.03.17 21:47:00.195 LISTENER ( WARN ) : initializing module hosteddomains
07.03.17 21:47:00.206 LISTENER ( WARN ) : finished initializing module hosteddomains with rv=0
07.03.17 21:47:00.206 LISTENER ( WARN ) : initializing module bind
07.03.17 21:47:00.218 LISTENER ( WARN ) : finished initializing module bind with rv=0
07.03.17 21:47:00.219 LISTENER ( WARN ) : initializing module pkgdb-watch
07.03.17 21:47:00.228 LISTENER ( WARN ) : finished initializing module pkgdb-watch with rv=0
8326
07.03.17 21:47:00.497 LISTENER ( PROCESS ) : ldap_extension: Reloading LDAP server.
Initiating graceful reload of ldap server(s).
Sending HUP to ldap server(s): slapd ...retry #1....retry #2....done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
8518
Initiating graceful reload of ldap server(s).
Sending HUP to ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
Stopping nagios-nrpe: nagios-nrpe.
Starting nagios-nrpe: nagios-nrpe.
Traceback (most recent call last):
File "/usr/lib/univention-pam/ldap-group-to-file.py", line 109, in <module>
lo = univention.uldap.getMachineConnection( ldap_master=False )
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 89, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
Setting license/base
Setting uuid/license
File: /etc/apt/apt.conf.d/55user_agent
Setting ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
Starting univention-directory-listener daemon.
done.
2017-03-07 21:47:33.068445592+01:00 (in joinscript_save_current_version)
Tue Mar 7 21:47:33 CET 2017: finish /usr/sbin/univention-join
root@XXXXXX:~# rm /var/log/univention/join.log
root@XXXXXX:~# cat /var/log/univention/join.log
cat: /var/log/univention/join.log: Datei oder Verzeichnis nicht gefunden
root@XXXXXX:~# univention-join
univention-join: joins a computer to an ucs domain
copyright (c) 2001-2017 Univention GmbH, Germany
Enter DC Master Account : Administrator
Enter DC Master Password:
Search DC Master: done
Check DC Master: done
Stop LDAP Server: done
Search ldap/base done
Start LDAP Server: done
Search LDAP binddn done
Sync time: done
Join Computer Account: done
Stopping univention-directory-notifier daemon: done
Stopping univention-directory-listener daemon: done
Sync ldap.secret: done
Sync ldap-backup.secret: done
Sync SSL directory: done
Check TLS connection: done
Download host certificate: done
Sync SSL settings: done
Restart LDAP Server: done
Sync Kerberos settings: done
Not updating kerberos/adminserver
Configure 01univention-ldap-server-init.inst done
Configure 02univention-directory-notifier.inst done
Configure 03univention-directory-listener.inst done
**************************************************************************
* Join failed! *
* Contact your system administrator *
**************************************************************************
* Message: FAILED: failed.ldif exists.
**************************************************************************
root@XXXXXX:~# cat /var/log/univention/join.log
Tue Mar 7 22:28:51 CET 2017: starting /usr/sbin/univention-join
running version check
OK: UCS version on DCMXXXX.XXXXXX.bi is higher or equal (4.14) to the local version (4.14).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
Tue Mar 7 22:29:21 CET 2017
univention-server-join: joins a server to an univention domain
copyright (c) 2001-2017 Univention GmbH, Germany
ldap_dn="cn=XXXXXX,cn=dc,cn=computers,dc=XXXXXX,dc=bi"
/etc/idp-ldap-user.secret could not be read!
Setting hostname
Setting ldap/hostdn
File: /etc/stunnel/univention_saml.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/welcome.msg
Multifile: /etc/simplesamlphp/metadata/saml20-idp-hosted.php
File: /etc/pam_ldap.conf
File: /etc/issue
Multifile: /etc/hosts
File: /etc/dhcp/dhclient.conf
File: /etc/apache2/conf.d/ucs.conf
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/simplesamlphp/config.php
Multifile: /etc/simplesamlphp/authsources.php
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/mailname
File: /etc/cron.d/univention-directory-policy
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/apache2/sites-available/default-ssl
Multifile: /etc/postfix/main.cf
Multifile: /etc/postfix/ldap.virtualwithcanonical
Multifile: /etc/postfix/ldap.sharedfolderremote
File: /etc/hostname
Multifile: /etc/postfix/ldap.saslusermapping
File: /var/www/ucs-overview/entries.json
Multifile: /etc/pam.d/univention-management-console
ok: down: univention-directory-notifier: 0s
ok: down: univention-directory-listener: 17s
/etc/idp-ldap-user.secret could not be read!
Setting ldap/server/name
Setting ldap/server/ip
Not updating ldap/server/port
Setting ldap/master
Not updating ldap/master/port
Setting ldap/server/type
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/postfix/ldap.virtualwithcanonical
File: /etc/pam_ldap.conf
File: /etc/krb5.conf
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.saslusermapping
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/init.d/slapd
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Multifile: /etc/simplesamlphp/authsources.php
Multifile: /etc/postfix/ldap.sharedfolderremote
File: /etc/ntp.conf
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/ldap/ldap.conf
rsync: opendir "/etc/univention/ssl/unassigned-hostname.unassigned-domain" failed: Permission denied (13)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1536) [generator=3.0.9]
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
Could not chdir to home directory /dev/null: Not a directory
Could not chdir to home directory /dev/null: Not a directory
Setting ssl/country
Setting ssl/state
Setting ssl/locality
Setting ssl/organization
Setting ssl/organizationalunit
Setting ssl/common
Setting ssl/email
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
Not updating ldap/server/name
Not updating ldap/master
Setting kerberos/realm
File: /etc/krb5.conf
File: /etc/heimdal-kdc/kdc.conf
Setting windows/domain
File: /etc/krb5.conf
Setting dns/forwarder1
File: /etc/bind/named.conf.proxy
File: /etc/bind/named.conf.samba4
Configure 01univention-ldap-server-init.inst Tue Mar 7 22:29:52 CET 2017
2017-03-07 22:29:52.161131005+01:00 (in joinscript_init)
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
invoke-rc.d: initscript slapd, action "start" failed.
2017-03-07 22:29:52.599435389+01:00 (in joinscript_save_current_version)
Configure 02univention-directory-notifier.inst Tue Mar 7 22:29:52 CET 2017
2017-03-07 22:29:52.609187405+01:00 (in joinscript_init)
Starting Univention Directory Notifier daemon.
ok: run: univention-directory-notifier: (pid 10598) 1s, normally down
done.
2017-03-07 22:29:53.053796187+01:00 (in joinscript_save_current_version)
Configure 03univention-directory-listener.inst Tue Mar 7 22:29:53 CET 2017
2017-03-07 22:29:53.062900920+01:00 (in joinscript_init)
Setting ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
07.03.17 22:29:53.676 DEBUG_INIT
UNIVENTION_DEBUG_BEGIN : uldap.__open host=DCMXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
UNIVENTION_DEBUG_END : uldap.__open host=DCMXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
07.03.17 22:29:54.134 LISTENER ( WARN ) : handler: replication (not ready) (ignore)
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
07.03.17 22:29:55.429 LISTENER ( WARN ) : handler: faillog (not ready) (ignore)
07.03.17 22:29:55.430 LISTENER ( WARN ) : Set Schema ID to 16
07.03.17 22:29:55.430 LISTENER ( WARN ) : initializing module replication
File: /var/lib/univention-ldap/ldap/DB_CONFIG
slapd: Kein Prozess gefunden
File: /var/lib/univention-ldap/ldap/DB_CONFIG
Starting ldap server(s): slapd ...done.
Restarting ldap server(s).
Stopping ldap server(s): slapd ...retry #1....done.
Starting ldap server(s): slapd ...done.
07.03.17 22:30:11.914 LISTENER ( ERROR ) : replication: Invalid syntax; dn="uid=Guest,cn=users,dc=XXXXXX,dc=bi": Error
07.03.17 22:30:11.914 LISTENER ( ERROR ) : additional info: objectClass: value #12 invalid per syntax
07.03.17 22:30:12.979 LISTENER ( WARN ) : finished initializing module replication with rv=0
07.03.17 22:30:12.979 LISTENER ( WARN ) : initializing module nfs-homes
07.03.17 22:30:12.989 LISTENER ( WARN ) : finished initializing module nfs-homes with rv=0
07.03.17 22:30:12.989 LISTENER ( WARN ) : initializing module keytab-member
07.03.17 22:30:13.000 LISTENER ( WARN ) : finished initializing module keytab-member with rv=0
07.03.17 22:30:13.000 LISTENER ( WARN ) : initializing module gencertificate
07.03.17 22:30:13.013 LISTENER ( WARN ) : finished initializing module gencertificate with rv=0
07.03.17 22:30:13.013 LISTENER ( WARN ) : initializing module well-known-sid-name-mapping
07.03.17 22:30:13.052 LISTENER ( PROCESS ) : well-known-sid-name-mapping: ucr set groups/default/printoperators=Printer-Admins
07.03.17 22:30:13.990 LISTENER ( WARN ) : finished initializing module well-known-sid-name-mapping with rv=0
07.03.17 22:30:13.990 LISTENER ( WARN ) : initializing module ldap_extension
07.03.17 22:30:15.396 LISTENER ( WARN ) : finished initializing module ldap_extension with rv=0
07.03.17 22:30:15.396 LISTENER ( WARN ) : initializing module faillog
07.03.17 22:30:15.411 LISTENER ( WARN ) : finished initializing module faillog with rv=0
07.03.17 22:30:15.411 LISTENER ( WARN ) : initializing module umc-service-providers
07.03.17 22:30:16.655 LISTENER ( WARN ) : finished initializing module umc-service-providers with rv=0
07.03.17 22:30:16.655 LISTENER ( WARN ) : initializing module univention-saml-simplesamlphp-configuration
07.03.17 22:30:16.913 LISTENER ( WARN ) : finished initializing module univention-saml-simplesamlphp-configuration with rv=0
07.03.17 22:30:16.913 LISTENER ( WARN ) : initializing module nagios-client
07.03.17 22:30:16.929 LISTENER ( WARN ) : finished initializing module nagios-client with rv=0
07.03.17 22:30:16.929 LISTENER ( WARN ) : initializing module ldap_server
07.03.17 22:30:17.474 LISTENER ( WARN ) : finished initializing module ldap_server with rv=0
07.03.17 22:30:17.474 LISTENER ( WARN ) : initializing module univention-saml-servers
07.03.17 22:30:17.821 LISTENER ( WARN ) : finished initializing module univention-saml-servers with rv=0
07.03.17 22:30:17.821 LISTENER ( WARN ) : initializing module quota
UNIVENTION_DEBUG_BEGIN : uldap.__open host=XXXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
Setting groups/default/printoperators
File: /etc/security/access-sudo.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/security/access-ftp.conf
File: /etc/security/access-kscreensaver.conf
File: /etc/security/access-passwd.conf
File: /etc/security/access-su.conf
File: /etc/security/access-chfn.conf
File: /etc/security/access-cron.conf
File: /etc/security/access-kdm.conf
File: /etc/security/access-rsh.conf
File: /etc/security/access-chsh.conf
File: /etc/security/access-kcheckpass.conf
File: /etc/security/access-kde.conf
File: /etc/security/access-ppp.conf
File: /etc/security/access-rlogin.conf
File: /etc/security/access-screen.conf
File: /etc/security/access-login.conf
File: /etc/security/access-gdm.conf
File: /etc/security/access-sshd.conf
File: /etc/security/access-other.conf
File: /etc/security/limits.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
Setting umc/saml/trusted/sp/ucsHOT.XXXXXX.bi
File: /etc/ldap/sasl2/slapd.conf
Setting umc/saml/trusted/sp/XXXXXX.XXXXXX.bi
File: /etc/ldap/sasl2/slapd.conf
Setting umc/saml/trusted/sp/DCMXXXX.XXXXXX.bi
File: /etc/ldap/sasl2/slapd.conf
Setting ldap/master
Setting kerberos/adminserver
File: /etc/ntp.conf
File: /etc/krb5.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Setting ucs/server/saml-idp-server/DCMXXXX.XXXXXX.bi
File: /etc/stunnel/univention_saml.conf
File: /etc/simplesamlphp/config.php
Traceback (most recent call last):
File "/usr/lib/univention-directory-listener/system/quota.py", line 213, in handler
if _is_container_change_relevant(new, old):
File "/usr/lib/univention-directory-listener/system/quota.py", line 139, in _is_container_change_relevant
lo = _get_ldap_connection()
File "/usr/lib/univention-directory-listener/system/quota.py", line 116, in _get_ldap_connection
connection = univention.uldap.getMachineConnection(ldap_master=False)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 89, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
07.03.17 22:30:17.845 LISTENER ( WARN ) : handler: quota (failed)
UNIVENTION_DEBUG_BEGIN : uldap.__open host=XXXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
UNIVENTION_DEBUG_END : uldap.__open host=XXXXXX.XXXXXX.bi port=7389 base=dc=XXXXXX,dc=bi
Traceback (most recent call last):
File "/usr/lib/univention-directory-listener/system/quota.py", line 213, in handler
if _is_container_change_relevant(new, old):
File "/usr/lib/univention-directory-listener/system/quota.py", line 139, in _is_container_change_relevant
lo = _get_ldap_connection()
File "/usr/lib/univention-directory-listener/system/quota.py", line 116, in _get_ldap_connection
connection = univention.uldap.getMachineConnection(ldap_master=False)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 89, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
07.03.17 22:30:17.853 LISTENER ( WARN ) : handler: quota (failed)
07.03.17 22:30:17.855 LISTENER ( WARN ) : finished initializing module quota with rv=0
07.03.17 22:30:17.856 LISTENER ( WARN ) : initializing module license_uuid
07.03.17 22:30:18.064 LISTENER ( WARN ) : finished initializing module license_uuid with rv=0
07.03.17 22:30:18.064 LISTENER ( WARN ) : initializing module nscd_update
07.03.17 22:30:18.079 LISTENER ( WARN ) : finished initializing module nscd_update with rv=0
07.03.17 22:30:18.079 LISTENER ( WARN ) : initializing module nss
07.03.17 22:30:18.093 LISTENER ( WARN ) : finished initializing module nss with rv=0
07.03.17 22:30:18.093 LISTENER ( WARN ) : initializing module nfs-shares
07.03.17 22:30:18.101 LISTENER ( WARN ) : finished initializing module nfs-shares with rv=0
07.03.17 22:30:18.101 LISTENER ( WARN ) : initializing module udm_extension
07.03.17 22:30:18.592 LISTENER ( WARN ) : finished initializing module udm_extension with rv=0
07.03.17 22:30:18.592 LISTENER ( WARN ) : initializing module keytab
kadmin: ext host/XXXXXX.XXXXXX.bi@XXXXXX.BI: Principal does not exist
07.03.17 22:30:18.612 LISTENER ( WARN ) : finished initializing module keytab with rv=0
07.03.17 22:30:18.612 LISTENER ( WARN ) : initializing module hosteddomains
07.03.17 22:30:18.623 LISTENER ( WARN ) : finished initializing module hosteddomains with rv=0
07.03.17 22:30:18.623 LISTENER ( WARN ) : initializing module bind
07.03.17 22:30:18.635 LISTENER ( WARN ) : finished initializing module bind with rv=0
07.03.17 22:30:18.635 LISTENER ( WARN ) : initializing module pkgdb-watch
07.03.17 22:30:18.645 LISTENER ( WARN ) : finished initializing module pkgdb-watch with rv=0
10880
07.03.17 22:30:18.841 LISTENER ( PROCESS ) : ldap_extension: Reloading LDAP server.
Initiating graceful reload of ldap server(s).
Sending HUP to ldap server(s): slapd ...retry #1....retry #2....done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
11072
Initiating graceful reload of ldap server(s).
Sending HUP to ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
Stopping nagios-nrpe: nagios-nrpe.
Starting nagios-nrpe: nagios-nrpe.
Traceback (most recent call last):
File "/usr/lib/univention-pam/ldap-group-to-file.py", line 109, in <module>
lo = univention.uldap.getMachineConnection( ldap_master=False )
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 89, in getMachineConnection
return access(host=ucr['ldap/server/name'], port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 150, in __init__
self.__open(ca_certfile)
File "/usr/lib/pymodules/python2.7/univention/uldap.py", line 189, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 860, in _apply_method_s
return func(self,*args,**kwargs)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
Setting license/base
Setting uuid/license
File: /etc/apt/apt.conf.d/55user_agent
Setting ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...done.
Found failed.ldif. Importing ...failed.
Please check /var/log/univention/listener.log.
Starting univention-directory-listener daemon.
done.
2017-03-07 22:30:51.294429835+01:00 (in joinscript_save_current_version)
Tue Mar 7 22:30:51 CET 2017: finish /usr/sbin/univention-join
root@XXXXXX:~#
That is the join.log from the new DC Backup, right? What about the master? I had understood that there were error messages during the UVMM installation.
Yes.
The UVMM installation worked flawlessly. The master is running, and the Windows clients access it daily. But it is simply overloaded on the hardware side.
The join.log is from a new DC Backup (the umpteenth attempt at a VM installation; the VM environment runs on a separate system [not UCS]). The join.log at the start of the thread is from an earlier VM installation attempt to bring a Backup DC into the domain. In between, I removed entries on the master DC in the UCM -> LDAP console. The current VM UCS installation produces the join.log posted last.
07.03.17 21:46:53.152 LISTENER ( ERROR ) : replication: Invalid syntax; dn="uid=Guest,cn=users,dc=XXXXXX,dc=bi": Error
07.03.17 21:46:53.152 LISTENER ( ERROR ) : additional info: objectClass: value #12 invalid per syntax
The Guest still has an attribute (or an object class) that is not defined by the LDAP definitions transferred during the join.
By the way, I also found a guide in the SDB that describes how to remove a schema extension in UCS.
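The two ERROR lines quoted above can be paired mechanically to find which value of the Guest entry the joining host rejected. The following is an added example, not part of the original posts or of UCS: the function names, the sample objectClass list and the placeholder class name are constructed, and it assumes slapd counts values from 0 in "value #N".

```python
import re

# The two ERROR lines are copied from the log in this thread; the WARN line is context.
SAMPLE_LOG = """\
07.03.17 22:30:11.914 LISTENER ( ERROR ) : replication: Invalid syntax; dn="uid=Guest,cn=users,dc=XXXXXX,dc=bi": Error
07.03.17 22:30:11.914 LISTENER ( ERROR ) : additional info: objectClass: value #12 invalid per syntax
07.03.17 22:30:12.979 LISTENER ( WARN ) : finished initializing module replication with rv=0
"""

# Constructed objectClass list, in the order the master would return it for the entry
# (e.g. from an LDAP search on the master). Index 12 is a placeholder name.
GUEST_OBJECTCLASSES = [
    "top", "person", "organizationalPerson", "inetOrgPerson", "posixAccount",
    "shadowAccount", "sambaSamAccount", "krb5Principal", "krb5KDCEntry",
    "univentionPWHistory", "univentionMail", "automount",
    "exampleUnknownClass",
]

LINE = re.compile(r'^(?P<ts>\d\d\.\d\d\.\d\d \d\d:\d\d:\d\d\.\d+)\s+LISTENER\s+'
                  r'\(\s*(?P<level>\w+)\s*\)\s*:\s*(?P<msg>.*)$')
SYNTAX = re.compile(r'^replication: Invalid syntax; dn="(?P<dn>[^"]+)"')
INFO = re.compile(r'^additional info: (?P<attr>[\w;-]+): value #(?P<idx>\d+) invalid per syntax')


def find_syntax_errors(log_text):
    """Pair each 'Invalid syntax' line with the 'additional info' line that follows it."""
    findings, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group("level") != "ERROR":
            pending = None          # anything else breaks the pair
            continue
        msg = m.group("msg")
        s = SYNTAX.match(msg)
        if s:
            pending = {"time": m.group("ts"), "dn": s.group("dn")}
            continue
        i = INFO.match(msg)
        if i and pending:
            pending.update(attribute=i.group("attr"), index=int(i.group("idx")))
            findings.append(pending)
        pending = None
    return findings


def offending_value(values, index):
    """Return the rejected value (0-based index, an assumption), or None if the
    entry has fewer values now, e.g. because it was edited after the log was written."""
    return values[index] if 0 <= index < len(values) else None


if __name__ == "__main__":
    for f in find_syntax_errors(SAMPLE_LOG):
        bad = offending_value(GUEST_OBJECTCLASSES, f["index"])
        print(f'{f["dn"]}: {f["attribute"]} value #{f["index"]} -> {bad}')
```

The name it reports is the object class to look for in the schema files on the master and the joining host.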
I have 4 schema files; the guide mentioned [quote]By the way, I also found a guide in the SDB that describes how to remove a schema extension in UCS.[/quote] talks about one schema…
It is simply an endless amount of work to go through the LDAP files. Besides, I lack an understanding of LDAP, its tools, syntax, etc.
I think I will simply shut down the current master.
Then I will set up a new one with the same IP address, domain and user names.
With a domain leave and a fresh join on the client, using a local admin, the effort should stay reasonable.
Logging in with the old Domain\User & password combo restores the familiar desktop/application environment on the clients?!
If you mean the user profiles: no, they will no longer work. And a rejoin of the clients will also be required.
Yes, a rejoin of the clients will be required.
The profiles are limited to user name, password and login script for the network drives. Such "lean" profiles are quickly created.
However, I want to avoid reinstalling the applications (e.g. MS Office) on the clients.
Because:
The local client profile for user QWERTZ, for working in Domain.xy, exists on the client as the
Domain\QWERTZ
account. If the new domain has the same name as the old one and the user name exists, then after the client rejoin "everything is fine"?!
The software will of course still be there, provided it was installed system-wide. User-specific settings will then be gone, though.