Unable to join new memberserver

larry · March 25, 2021, 7:56am

Hi all,

I have a problem joining a new memberserver to my UCS domain. In the join.log I see:

Could not chdir to home directory /dev/null: Not a directory
scp: /etc/univention/ssl/openvpn-hcn.xxxx.intranet: No such file or directory
.Could not chdir to home directory /dev/null: Not a directory
scp: /etc/univention/ssl/openvpn-hcn: No such file or directory
Could not chdir to home directory /dev/null: Not a directory
scp: /etc/univention/ssl/openvpn-hcn.xxxx.intranet: No such file or directory
.Could not chdir to home directory /dev/null: Not a directory
scp: /etc/univention/ssl/openvpn-hcn: No such file or directory

It seems that the certificates for the new server are not created on the master.

I searched the web and found this command:

univention-directory-listener-ctrl resync gencertificate

Output on the master is:

Modules:
3       app_attributes  /usr/lib/univention-directory-listener/system/app_attributes.py
3       bind    /usr/lib/univention-directory-listener/system/bind.py
3       dhcp    /usr/lib/univention-directory-listener/system/dhcp.py
3       faillog /usr/lib/univention-directory-listener/system/faillog.py
0       gencertificate  /usr/lib/univention-directory-listener/system/gencertificate.py
3       hosteddomains   /usr/lib/univention-directory-listener/system/hosteddomains.py
3       keytab-member   /usr/lib/univention-directory-listener/system/keytab-member.py
3       keytab  /usr/lib/univention-directory-listener/system/keytab.py
3       ldap_extension  /usr/lib/univention-directory-listener/system/ldap_extension.py
3       ldap_server     /usr/lib/univention-directory-listener/system/ldap_server.py
3       license_uuid    /usr/lib/univention-directory-listener/system/license_uuid.py
3       nagios-client   /usr/lib/univention-directory-listener/system/nagios-client.py
3       nfs-homes       /usr/lib/univention-directory-listener/system/nfs-homes.py
3       nfs-shares      /usr/lib/univention-directory-listener/system/nfs-shares.py
3       nscd_update     /usr/lib/univention-directory-listener/system/nscd.py
3       nss     /usr/lib/univention-directory-listener/system/nss.py
3       openvpn-master2 /usr/lib/univention-directory-listener/system/openvpn-master2.py
3       openvpn-master  /usr/lib/univention-directory-listener/system/openvpn-master.py
3       pkgdb-watch     /usr/lib/univention-directory-listener/system/pkgdb-watch.py
3       portal_groups   /usr/lib/univention-directory-listener/system/portal_groups.py
3       portal_server   /usr/lib/univention-directory-listener/system/portal_server.py
3       quota   /usr/lib/univention-directory-listener/system/quota.py
3       s4-connector    /usr/lib/univention-directory-listener/system/s4-connector.py
3       samba4-idmap    /usr/lib/univention-directory-listener/system/samba4-idmap.py
3       samba-shares    /usr/lib/univention-directory-listener/system/samba-shares.py
3       udm_extension   /usr/lib/univention-directory-listener/system/udm_extension.py
3       umc-service-providers   /usr/lib/univention-directory-listener/system/umc-service-providers.py
3       univention-admin-diary-backend  /usr/lib/univention-directory-listener/system/univention-admin-diary-backend.py
3       univention-saml-groups  /usr/lib/univention-directory-listener/system/univention-saml-groups.py
3       univention-saml-idp-config      /usr/lib/univention-directory-listener/system/univention-saml-idp-config.py
3       univention-saml-servers /usr/lib/univention-directory-listener/system/univention-saml-servers.py
3       univention-saml-simplesamlphp-configuration     /usr/lib/univention-directory-listener/system/univention-saml-simplesamlphp-configuration.py
3       well-known-sid-name-mapping     /usr/lib/univention-directory-listener/system/well-known-sid-name-mapping.py

I think the cause is the 0 in “gencertifcates” module.

Does anybody know how to fix this? I have already executed univention-run-join-scripts --force on the master, but this does not fix the problem.

edit: Found a similar thread: https://help.univention.com/t/join-after-installation-of-openproject-stucks-at-download-host-certificate/6998 . I also executed the comands mentioned in the blog article https://www.univention.de/blog-de/2017/05/sichere-automatische-samba-authentifizierungen-durch-openvpn/

ucr set ssl/host/objectclass= 'univentionDomainController, univentionMemberServer, univentionClient, univentionMobileClient, univentionCorporateClient, univentionWindows'
univention-directory-listener-ctrl resync gencertificate.

Could it be this command that causes the problem?

larry · March 25, 2021, 11:10am

SOLVED: Installed a temp new master in a vm and copied the output from

ucr get ssl/host/objectclass
univentionDomainController,univentionMemberServer,univentionClient,univentionMobileClient,univentionCorporateClient

It seems that the blanks / whitespaces in the list of objects (copied from the blog article) caused the error:

Correct:

ucr set ssl/host/objectclass='univentionDomainController,univentionMemberServer,univentionClient,univentionMobileClient,univentionCorporateClient'

Error:

ucr set ssl/host/objectclass='univentionDomainController, univentionMemberServer, univentionClient, univentionMobileClient, univentionCorporateClient, univentionWindows'