Univention Bugzilla – Bug 36644
DC slave failed to join / replicate itself
Last modified: 2018-04-14 13:43:54 CEST
Created attachment 6365 [details] join.log New UCS-4.0 domain with 1Master=h70, 1Backup=h71, 1Slave=h72, 1Member=h73. The DC Slave failed to join correctly: 25univention-dhcp.inst was reported as failed. Afterwards very little works, as the local LDAP replica is incomplete: root@h72:~# slapcat -a cn=h72 dn: cn=h72,cn=phahn.pt,cn=dhcp,dc=phahn,dc=pt entryCSN: 20141113123935.978340Z#000000#000#000000 cn: h72 objectClass: top objectClass: univentionDhcpHost creatorsName: uid=Administrator,cn=users,dc=phahn,dc=pt entryUUID: deb7278c-ff7d-1033-851d-27970b4b68cb univentionDhcpFixedAddress: 10.200.17.72 dhcpHWAddress: ethernet 52:54:00:a5:42:b0 modifiersName: uid=Administrator,cn=users,dc=phahn,dc=pt createTimestamp: 20141113123935Z structuralObjectClass: univentionDhcpHost modifyTimestamp: 20141113123935Z root@h70:~# slapcat -a cn=h72 dn: cn=h72,cn=computers,dc=phahn,dc=pt macAddress: 52:54:00:a5:42:b0 cn: h72 krb5PrincipalName: host/h72.phahn.pt@PHAHN.PT objectClass: top objectClass: person objectClass: univentionHost objectClass: univentionDomainController objectClass: krb5Principal objectClass: krb5KDCEntry objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount objectClass: univentionVirtualMachineHostOC objectClass: univentionObject uidNumber: 2009 sambaAcctFlags: [S ] krb5MaxLife: 86400 uid: h72$ krb5MaxRenew: 604800 aRecord: 10.200.17.72 loginShell: /bin/bash univentionObjectType: computers/domaincontroller_slave univentionServerReinstall: 0 krb5KDCFlags: 126 univentionServerRole: slave displayName: h72 associatedDomain: phahn.pt sambaSID: S-1-4-2009 sn: h72 univentionNetworkLink: cn=default,cn=networks,dc=phahn,dc=pt homeDirectory: /dev/null structuralObjectClass: person entryUUID: deb321fa-ff7d-1033-851c-27970b4b68cb creatorsName: uid=Administrator,cn=users,dc=phahn,dc=pt createTimestamp: 20141113123935Z gidNumber: 5006 sambaPrimaryGroupSID: S-1-5-21-2797232813-3054014307-4228921762-1104 krb5Key:: MFKhKzApoAMCARKhIgQg6Cvr4Pos/38NaIh1G1EwLBb1jI179w8KnSDyFT5/VNSiIz AhoAMCAQOhGgQYUEhBSE4uUFRob3N0aDcyLnBoYWhuLnB0 krb5Key:: MEKhGzAZoAMCARGhEgQQBtWLm4A7eglsQEFW4zkRQqIjMCGgAwIBA6EaBBhQSEFITi 5QVGhvc3RoNzIucGhhaG4ucHQ= krb5Key:: MEqhIzAhoAMCARChGgQYPjF8ugT0TwJbl3zqAbWU462UkQIyaNP9oiMwIaADAgEDoR oEGFBIQUhOLlBUaG9zdGg3Mi5waGFobi5wdA== krb5Key:: MEKhGzAZoAMCARehEgQQ6Ab+WOZIjTDh0tJ720e6baIjMCGgAwIBA6EaBBhQSEFITi 5QVGhvc3RoNzIucGhhaG4ucHQ= krb5Key:: MDqhEzARoAMCAQOhCgQIH3kTOGGD+I+iIzAhoAMCAQOhGgQYUEhBSE4uUFRob3N0aD cyLnBoYWhuLnB0 krb5Key:: MDqhEzARoAMCAQKhCgQIH3kTOGGD+I+iIzAhoAMCAQOhGgQYUEhBSE4uUFRob3N0aD cyLnBoYWhuLnB0 krb5Key:: MDqhEzARoAMCAQGhCgQIH3kTOGGD+I+iIzAhoAMCAQOhGgQYUEhBSE4uUFRob3N0aD cyLnBoYWhuLnB0 krb5KeyVersionNumber: 2 userPassword:: e2NyeXB0fSQ2JFJFd3lqRm5QRE1qZloucm4kN0NEYnplbVp4aWxpMThjcDUvR Whqb3phTmlDU09qeWlyL0FyTlFZZkQ2WGtpcjYvMjJENEpCQXBobmk1V1VhRUdSSXVJa0NRcnRP UUhad0Y2cEhYUC4= sambaNTPassword: E806FE58E6488D30E1D2D27BDB47BA6D univentionService: LDAP entryCSN: 20141113130009.371692Z#000000#000#000000 modifiersName: uid=Administrator,cn=users,dc=phahn,dc=pt modifyTimestamp: 20141113130009Z dn: cn=h72,cn=phahn.pt,cn=dhcp,dc=phahn,dc=pt objectClass: top objectClass: univentionDhcpHost cn: h72 univentionDhcpFixedAddress: 10.200.17.72 dhcpHWAddress: ethernet 52:54:00:a5:42:b0 structuralObjectClass: univentionDhcpHost entryUUID: deb7278c-ff7d-1033-851d-27970b4b68cb creatorsName: uid=Administrator,cn=users,dc=phahn,dc=pt createTimestamp: 20141113123935Z entryCSN: 20141113123935.978340Z#000000#000#000000 modifiersName: uid=Administrator,cn=users,dc=phahn,dc=pt modifyTimestamp: 20141113123935Z As the local host entry does not have the machine.secret, univention-ldapsearch and all other LDAP searches fail, because the go to the local LDAP server.
> ldap_dn="cn=h72,cn=computers,dc=phahn,dc=pt" It should be cn=h72,cn=dc,cn=computers,dc=phahn,dc=pt"