Univention Domain join failed after upgrade from UCS 4.8. to 5.0

r.ayyildiz · January 13, 2022, 2:38pm

Hi, after upgrading my UCS 4.8 to 5.0 i’m not able any more to join linux clients to the domain.

the error is:
“The domain join failed: get admin DN failed with: b’ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)\n\tadditional info: SASL(-1): generic failure: GSSAPI Error: No credentials were supplied, or the credentials were unavailable or inaccessible. (unknown mech-code 0 for mech unknown)\n’ For further information look at univention-domain-join-gui.log in the user home directory”

With the windows clients the join is succesfull but after the join i can’t find the clients in the ldap tree.
I have managed to find the client with this command
“univention-s4search | grep Computername”
but with univention-ldapsearch or ldapsearch the client could not be found.

Thanks in advance.
Ramazan

SirTux · January 13, 2022, 3:41pm

Then you should check the connector:

r.ayyildiz · January 14, 2022, 7:55am

good morning SirTux,
thank you for your reply.
I have followed the steps in that document.
At the end i have this rejected item now and nothing has changed and the item appears at the next sync.

"univention-s4connector-list-rejected
UCS rejected
S4 rejected
1: S4 DN: CN=Administrator,CN=Users,DC=domain,DC=de
UCS DN:
last synced USN: 0
"
In the logfile /var/log/univention/connector-s4.log is this entry.
LDAP (INFO ): Lost connection to the LDAP server. Trying to reconnect …

the log file univention/connector-s4-status.log shows the error.
" s4.init_group_cache()
File “/usr/lib/python3/dist-packages/univention/s4connector/s4/init.py”, line 648, in init_group_cache
for ucs_group in self.search_ucs(filter=‘objectClass=univentionGroup’, attr=[‘uniqueMember’]):
File “/usr/lib/python3/dist-packages/univention/s4connector/init.py”, line 545, in search_ucs
result = self.lo.search(filter=filter, base=base, scope=scope, attr=attr, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit)
File “/usr/lib/python3/dist-packages/univention/admin/uldap.py”, line 683, in search
raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
univention.admin.uexceptions.ldapError: Insufficient access"

r.ayyildiz · January 17, 2022, 11:10am

Hi,
after explicitly setting the variables in the registry,
connector/ldap/binddn: dn=admin,dc=domain,dc=de
connector/ldap/bindpw: /etc/ldap.secret
connector/ldap/port: 7389
the synchronization now works.

Unfortunately I still can’t join a client to the domain.

The error message is the same.
“The domain join failed: get admin DN failed with: b’ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)\n\tadditional info: SASL(-1): generic failure: GSSAPI Error: No credentials were supplied, or the credentials were unavailable or inaccessible. (unknown mech-code 0 for mech unknown)\n’ For further information look at univention-domain-join-gui.log in the user home directory”

r.ayyildiz · March 10, 2022, 12:24pm

Hallo, ich kann immer noch kein Ubuntu Client in die Domaine joinen.
Die Meldung ist:
get admin DN failed with: b’ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)\n\tadditional info: SASL(-1): generic failure: GSSAPI Error: No credentials were supplied, or the credentials were unavailable or inaccessible. (unknown mech-code 0 for mech unknown)\n’
Ich weiss nicht weiter und würde mich über Hilfe freuen.

Grüße
Ramazan