Univention-upgrade prompts for root password to connect to UCS backup server


#1

Hi at all,

I’ve problems to install/update an app from the app-center at a UCS backup.

Today I’ve started the update (here Kopano) on the UCS master via “univention-upgrade”.

The following apps can be upgraded:

Kopano Core: Version 8.3.1.32 can be upgraded to 8.4.5.0
Starting univention-app upgrade at Sat Jun  9 11:32:56 2018...

The installation started an a few minutes later there was an password prompt for

root@myUCSBackup.intra.mydomain.tld

Snippet from updater.log

2018-06-09 12:27:49,129 DEBUG:univention.appcenter.actions.upgrade.progress:30
Installing some packages of kopano-core on myUCSBackup.intra.mydomain.tld
2018-06-09 12:27:49,180 INFO:univention.appcenter.actions.upgrade:Installing some packages of kopano-core on myUCSBackup.intra.mydomain.tld
Calling /usr/sbin/univention-ssh /tmp/tmpNffy0n root@myUCSBackup.intra.mydomain.tld univention-app install kopano-core=8.4.5.0 --only-master-packages --noninteractive --do-not-send-info
2018-06-09 12:31:07,535 DEBUG:univention.appcenter.actions.upgrade:Calling /usr/sbin/univention-ssh /tmp/tmpNffy0n myUCSBackup.intra.mydomain.tld univention-app install kopano-core=8.4.5.0 --only-master-packages --noninteractive --do-not-send-info

I’ve entered the root password and the installation will go on.

My questions are:

  • which format has the password file for univention-ssl (/tmp/tmpNffy0n)
  • where is the password for myUCSBackup.intra.mydomain.tld stored, so that I can change it to the correct value

My versions:

UCS: 4.2-4 errata418
App Center compatibility: 4
Installed: cups=1.7.5 dhcp-server=11.0.0 kopano-core=8.4.5.0 kopano-webapp=3.3.0.610 nagios=3.5 pkgdb=10 samba4=4.6 squid=3.4 z-push-kopano=2.3.7
Upgradable:

Thanks
Ulf


#2

Hi,

I can not answer all of your questions or solve your issue, but you can find several passwords in the *.secret files at /etc.

root@master:/etc# ls | grep secret
backup-join.secret
idp-ldap-user.secret
ldap-backup.secret
ldap.secret
libnss-ldap.secret
listfilter.secret
machine.secret
pam_ldap.secret
slave-join.secret

Possibly it might help you.


#3

Hi,

thanks for the list. I will doublecheck these files next time I’m on the server.

Ulf


#4

Hello, everybody,

yeah, it’s been a long time since I’ve tried.

Unfortunately, I am now faced with the same problem again. The secret files in /etc do not contain the password required for root login.

During the installation I was able to look at the password file for univention-ssh. It just contains the password. Only the content should get the univention-upgrade from somewhere. Whereby a password is not necessary at all, because the connection with SSH certificates works without problems. Only univention-ssh does not use it.

Does anyone else have an idea?

Translated with www.DeepL.com/Translator

Thanks
Ulf


#5

Hi,

maybe I am wrong, but as far as I can see everything that relates to the installation is mainly built to support the installation through the GUI. By using an domain admin account in the GUI everything works.
According to its man-page, univention-ssh is a OpenSSH password wrapper. It doesnt use key-based authentication even if it is correctly set up.
So I would guess that we have to use the password atm.

Best Regards,
Dirk


#6

Hi Dirk,

hen I will try the next update via WUI.

Thanks
Ulf