Hi all,
I have a problem joining a new memberserver to my UCS domain. In the join.log I see:
Could not chdir to home directory /dev/null: Not a directory
scp: /etc/univention/ssl/openvpn-hcn.xxxx.intranet: No such file or directory
.Could not chdir to home directory /dev/null: Not a directory
scp: /etc/univention/ssl/openvpn-hcn: No such file or directory
Could not chdir to home directory /dev/null: Not a directory
scp: /etc/univention/ssl/openvpn-hcn.xxxx.intranet: No such file or directory
.Could not chdir to home directory /dev/null: Not a directory
scp: /etc/univention/ssl/openvpn-hcn: No such file or directory
It seems that the certificates for the new server are not created on the master.
I searched the web and found this command:
univention-directory-listener-ctrl resync gencertificate
Output on the master is:
Modules:
3 app_attributes /usr/lib/univention-directory-listener/system/app_attributes.py
3 bind /usr/lib/univention-directory-listener/system/bind.py
3 dhcp /usr/lib/univention-directory-listener/system/dhcp.py
3 faillog /usr/lib/univention-directory-listener/system/faillog.py
0 gencertificate /usr/lib/univention-directory-listener/system/gencertificate.py
3 hosteddomains /usr/lib/univention-directory-listener/system/hosteddomains.py
3 keytab-member /usr/lib/univention-directory-listener/system/keytab-member.py
3 keytab /usr/lib/univention-directory-listener/system/keytab.py
3 ldap_extension /usr/lib/univention-directory-listener/system/ldap_extension.py
3 ldap_server /usr/lib/univention-directory-listener/system/ldap_server.py
3 license_uuid /usr/lib/univention-directory-listener/system/license_uuid.py
3 nagios-client /usr/lib/univention-directory-listener/system/nagios-client.py
3 nfs-homes /usr/lib/univention-directory-listener/system/nfs-homes.py
3 nfs-shares /usr/lib/univention-directory-listener/system/nfs-shares.py
3 nscd_update /usr/lib/univention-directory-listener/system/nscd.py
3 nss /usr/lib/univention-directory-listener/system/nss.py
3 openvpn-master2 /usr/lib/univention-directory-listener/system/openvpn-master2.py
3 openvpn-master /usr/lib/univention-directory-listener/system/openvpn-master.py
3 pkgdb-watch /usr/lib/univention-directory-listener/system/pkgdb-watch.py
3 portal_groups /usr/lib/univention-directory-listener/system/portal_groups.py
3 portal_server /usr/lib/univention-directory-listener/system/portal_server.py
3 quota /usr/lib/univention-directory-listener/system/quota.py
3 s4-connector /usr/lib/univention-directory-listener/system/s4-connector.py
3 samba4-idmap /usr/lib/univention-directory-listener/system/samba4-idmap.py
3 samba-shares /usr/lib/univention-directory-listener/system/samba-shares.py
3 udm_extension /usr/lib/univention-directory-listener/system/udm_extension.py
3 umc-service-providers /usr/lib/univention-directory-listener/system/umc-service-providers.py
3 univention-admin-diary-backend /usr/lib/univention-directory-listener/system/univention-admin-diary-backend.py
3 univention-saml-groups /usr/lib/univention-directory-listener/system/univention-saml-groups.py
3 univention-saml-idp-config /usr/lib/univention-directory-listener/system/univention-saml-idp-config.py
3 univention-saml-servers /usr/lib/univention-directory-listener/system/univention-saml-servers.py
3 univention-saml-simplesamlphp-configuration /usr/lib/univention-directory-listener/system/univention-saml-simplesamlphp-configuration.py
3 well-known-sid-name-mapping /usr/lib/univention-directory-listener/system/well-known-sid-name-mapping.py
I think the cause is the 0 in “gencertifcates” module.
Does anybody know how to fix this? I have already executed univention-run-join-scripts --force on the master, but this does not fix the problem.
edit: Found a similar thread: https://help.univention.com/t/join-after-installation-of-openproject-stucks-at-download-host-certificate/6998 . I also executed the comands mentioned in the blog article https://www.univention.de/blog-de/2017/05/sichere-automatische-samba-authentifizierungen-durch-openvpn/
ucr set ssl/host/objectclass= 'univentionDomainController, univentionMemberServer, univentionClient, univentionMobileClient, univentionCorporateClient, univentionWindows'
univention-directory-listener-ctrl resync gencertificate.
Could it be this command that causes the problem?