Hi @all,
I’m facing an issue where I can only access the UMC of my Primary Directory Node via its IP address, but not through its hostname. DNS resolution is working fine; I can log into the server from the client using:
ssh -l root srv01.lan.example.de
A DNS diagnostic from the client returns:
sven ツ lt001:~ dig srv01.lan.example.de
; <<>> DiG 9.18.30-0ubuntu0.22.04.2-Ubuntu <<>> srv01.lan.example.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19547
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;srv01.lan.example.de. IN A
;; ANSWER SECTION:
srv01.lan.example.de. 276 IN A 192.168.83.5
;; AUTHORITY SECTION:
lan.example.de. 276 IN NS srv01.lan.example.de.
lan.example.de. 276 IN NS gw02.lan.example.de.
;; ADDITIONAL SECTION:
gw02.lan.example.de. 276 IN A 192.168.83.20
srv01.lan.example.de. 276 IN AAAA 2a02:wwww:xxxx:yyyy:zzzz:ebff:fe28:35be
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Feb 05 19:29:59 CET 2025
;; MSG SIZE rcvd: 141
This problem does not occur with the other UCS servers (Replica Directory Node or Managed Node, all running 5.0.9). It might be relevant to mention that this is a dual-stack setup (IPv4 & IPv6). The IP configuration of srv01 is:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
link/ether 5a:65:eb:28:35:be brd ff:ff:ff:ff:ff:ff
inet 192.168.83.5/24 brd 192.168.83.255 scope global ens18
valid_lft forever preferred_lft forever
inet6 2a02:wwww:xxxx:yyyy:zzzz:ebff:fe28:35be/64 scope global dynamic mngtmpaddr
valid_lft 86362sec preferred_lft 14362sec
inet6 fe80::5865:ebff:fe28:35be/64 scope link
valid_lft forever preferred_lft forever
The client’s IP configuration (Linux Mint 21.3) is:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: wlp0s20f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether dc:8b:28:15:ed:89 brd ff:ff:ff:ff:ff:ff
inet 192.168.83.141/24 brd 192.168.83.255 scope global dynamic noprefixroute wlp0s20f3
valid_lft 31337sec preferred_lft 31337sec
inet6 2a02:wwww:xxxx:yyyy:zzzz:342a:7153:d96b/64 scope global temporary dynamic
valid_lft 85934sec preferred_lft 13934sec
inet6 2a02:8071:7102:a1dc:5856:7f22:88dc:e873/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 85934sec preferred_lft 13934sec
inet6 fe80::aa0f:25ea:79b9:43a2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
When attempting to access the UMC in the web browser (Firefox), I receive the following error:
“Forbidden: You don’t have permission to access this resource.”
In the Apache log file on srv01, I find this:
==> error.log <==
[Wed Feb 05 19:41:33.153497 2025] [access_compat:error] [pid 4151] [client 2a02:wwww:xxxx:yyyy:zzzz:342a:7153:d96b:48158] AH01797: client denied by server configuration: /var/www/univention/portal/
==> access.log <==
2a02:wwww:xxxx:yyyy:zzzz:342a:7153:d96b - - [05/Feb/2025:19:41:33 +0100] "GET /univention/portal/ HTTP/1.1" 403 1576 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0"
2a02:8071:7102:a1dc:9850:342a:7153:d96b - - [05/Feb/2025:19:41:33 +0100] "GET /favicon.ico HTTP/1.1" 200 1476 "https://srv01.lan.example.de/univention/portal/" "Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0"
What could be causing this issue?
with best
sven