Our UCS 5.0-6 errata908 is a member server in AD on Windows Server 2019 (PDC). Both are VMs running on Windows Hyper-V Server 2019.
Yesterday I created a new user in AD, but it was not replicated to the UCS. So I started to investigate and came to the following issue in /var/log/univention/connector-ad-status.log:
--- retry in 30 seconds ---
Wed Feb 7 19:11:37 2024
Wed Feb 7 19:11:37 2024
--- connect failed, failure was: ---
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/connector/ad/main.py", line 247, in main
    connect(options)
  File "/usr/lib/python3/dist-packages/univention/connector/ad/main.py", line 119, in connect
    ad.init_ldap_connections()
  File "/usr/lib/python3/dist-packages/univention/connector/ad/__init__.py", line 543, in init_ldap_connections
    self.open_ad()
  File "/usr/lib/python3/dist-packages/univention/connector/ad/__init__.py", line 700, in open_ad
    self.get_kerberos_ticket()
  File "/usr/lib/python3/dist-packages/univention/connector/ad/__init__.py", line 677, in get_kerberos_ticket
    raise kerberosAuthenticationFailed('The following command failed: "%s" (%s): %s' % (' '.join(cmd_block), p1.returncode, stdout.decode('UTF-8', 'replace')))
univention.connector.ad.kerberosAuthenticationFailed: The following command failed: "kinit --no-addresses --password-file=/tmp/tmplsrvkxco ucs-srv01$" (1): kinit: Password incorrect
After some research I came to this
and after resetting the password in machine.secret the new user appears in UCS Users.
But after restarting the server I ran into serious problems concerning LDAP, and from then on no user was able to log in to UCS Portal again, as described in
https://help.univention.com/t/re-problem-ox-connector-ldap-invalid-credentials/22603
So I had to roll back the server to the last checkpoint created on the Hyper-V Server before trying to fix that issue with the password in machine.secret.
I’m a bit helpless as to where to start troubleshooting and how to solve the problem. Therefore I’d appreciate any help from this forum.
Thank you