Hello,
This is my first time here.
I am using UCS as Active Directory for Windows users. I made a domain and users, and everything was working fine until some days ago:
I added new users, but cannot log in to Windows using this user!!!
I can join new computers to the domain.
I can log in using old users, but new users show bad password. I changed the new user password many times but got the same error.
Home folders are working fine for old users, the print server is fine, and DNS can resolve.
The UCS system is updated.
Using Windows I tried to query domain users; it shows all old users except the new user?
What should I do?
This could be a problem with the connector. What’s the output of this?
univention-s4connector-list-rejected
Thank you for your reply.
It shows a lot; here is an example of the output:
UCS rejected
1: UCS DN: cn=USER111,cn=computers,dc=ten,dc=local
S4 DN: <not found>
Filename: /var/lib/univention-connector/s4/1491679375.725131
2: UCS DN: cn=USER111,cn=computers,dc=ten,dc=local
S4 DN: <not found>
Filename: /var/lib/univention-connector/s4/1491679375.735827
3: UCS DN: cn=USER111,cn=computers,dc=ten,dc=local
S4 DN: <not found>
Filename: /var/lib/univention-connector/s4/1491679375.738908
41031: UCS DN: cn=USER17,cn=Computers,dc=ten,dc=local
S4 DN:
Filename: /var/lib/univention-connector/s4/1491679375.626736
S4 rejected
1: S4 DN: CN=TENTV,CN=Computers,DC=ten,DC=local
UCS DN: <not found>
2: S4 DN: CN=USER17,CN=Computers,DC=ten,DC=local
UCS DN: <not found>
3: S4 DN: CN=TAHRIR26-15,CN=Computers,DC=ten,DC=local
UCS DN: <not found>
4: S4 DN: CN=USER111,CN=Computers,DC=ten,DC=local
UCS DN: <not found>
5: S4 DN: CN=HANY,CN=Computers,DC=ten,DC=local
UCS DN: <not found>
last synced USN: 171475
I followed the steps in this article; at the step univention-s4search -b:
root@server:~# univention-s4search -b cn=administrator,cn=users,dc=ten,dc=local
TLS …/source4/lib/tls/tls_tstream.c:1593 - check failed for verify_peer[ca_and_name] and peer_name[server.ten.local] status 0x42 (invalid signer_not_found )
Failed to connect to ldap URL 'ldaps://server.ten.local' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldaps://server.ten.local' with backend 'ldaps': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to ldaps://server.ten.local - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
What should I do to fix this?
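An added example, not part of the original posts and not Univention code: with tens of thousands of rejects, a short Python script can collapse univention-s4connector-list-rejected output like that shown above into unique DNs and flag objects rejected in both directions. The sample text is constructed in the format of the post; the function names and the filenames in the sample are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format of the post above; filenames are placeholders.
SAMPLE = """\
UCS rejected
    1:    UCS DN: cn=USER111,cn=computers,dc=ten,dc=local
          S4 DN: <not found>
          Filename: /var/lib/univention-connector/s4/0000000001.000001
    2:    UCS DN: cn=USER111,cn=computers,dc=ten,dc=local
          S4 DN: <not found>
          Filename: /var/lib/univention-connector/s4/0000000001.000002
    3:    UCS DN: cn=USER17,cn=Computers,dc=ten,dc=local
          S4 DN:
          Filename: /var/lib/univention-connector/s4/0000000001.000003
S4 rejected
    1:    S4 DN: CN=TENTV,CN=Computers,DC=ten,DC=local
          UCS DN: <not found>
    2:    S4 DN: CN=USER17,CN=Computers,DC=ten,DC=local
          UCS DN: <not found>
    3:    S4 DN: CN=USER111,CN=Computers,DC=ten,DC=local
          UCS DN: <not found>
last synced USN: 171475
"""

ENTRY = re.compile(r"^\s*\d+:\s+(UCS|S4) DN:\s*(.*?)\s*$")

def normalize_dn(dn):
    # DNs compare case-insensitively; naive split, ignores escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def summarize(text):
    section, last_usn = None, None
    rejects = {"UCS": Counter(), "S4": Counter()}
    for line in text.splitlines():
        s = line.strip()
        if s in ("UCS rejected", "S4 rejected"):
            section = s.split()[0]
        elif s.startswith("last synced USN:"):
            last_usn = int(s.split(":", 1)[1])
        else:
            m = ENTRY.match(line)
            if m and m.group(1) == section:  # numbered line opens one reject
                rejects[section][normalize_dn(m.group(2))] += 1
    both = sorted(set(rejects["UCS"]) & set(rejects["S4"]))
    return {"ucs": rejects["UCS"], "s4": rejects["S4"], "both_sides": both, "last_usn": last_usn}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Objects listed under both_sides are failing to sync in both directions, which points at the connector's link to Samba rather than at the individual objects.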
This sounds like the UCS CA certificate isn’t trusted, or the Samba4 server is using a certificate not signed by that CA. Both shouldn’t be the case in a normal installation.
Please post the output of the following commands for further debugging:
ls -l /etc/ssl/certs/ucsCA.pem /usr/local/share/ca-certificates/ucsCA.crt /etc/univention/ssl/ucsCA/CAcert.pem
openssl x509 -in /etc/ssl/certs/ucsCA.pem -noout -text
grep tls /etc/samba/smb.conf
Thanks.
Thank you for your reply.
I formatted this server and created a new domain.
B R
George
That would solve the issue, of course. Sorry you had to resort to such a drastic method.