Bug 37460 – AD-Member setup: join fails if AD NETBIOS domain name is unusual

Bug 37460 - AD-Member setup: join fails if AD NETBIOS domain name is unusual


Summary:	AD-Member setup: join fails if AD NETBIOS domain name is unusual

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	UMC - Setup wizard
Version:	UCS 4.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.0-2-errata
Assigned To:	Stefan Gohmann
QA Contact:	Arvid Requate

URL:
Keywords:

Depends on:
Blocks:	43784
	Show dependency tree / graph

Reported:	2015-01-06 16:27 CET by Arvid Requate
Modified:	2017-03-10 14:09 CET (History)
CC List:	6 users (show)

See Also:	36991
What kind of report is it?:	Bug Report
What type of bug is this?:	6: Setup Problem: Issue for the setup process
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.069
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2017030621000252
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2015-01-06 16:27:39 CET

When an AD-Server has a non-default NETBIOS domain name like

 NETBIOS domain: FOOBAR0
 DNS domainname: FooBar.com

the setup of an AD-Member (Master) fails with an empty error message.

This seems to be caused by a failure of "net ads join" in 26univention-samba.inst:


+ net ads join -UAdministrator%Univention.1 machinepass=QFLa7a7IIC363XYPbk1k
Failed to join domain: Invalid configuration ("workgroup" set to 'FOOBAR', should be 'FOOBAR0') and configuration modification was not requested


So we need to lookup the NETBIOS domain of the AD-Server and set UCR windows/domain accordingly. After doing this manually, the joinscript succeeded.

The situation came up accidentally, because my test AD-Server found that the netbios domainname "FOOBAR" was already used by another domain/server in my subnet. In this case AD "dcpromo" suggest a different NETBIOS name.

Comment 1 Michael Grandjean

2015-02-06 15:38:20 CET

Microsoft ADs with dissenting NETBIOS and DNS domain names aren't unusual, especially if they are older, were migrated from Windows NT once or if the DNS domain name is longer than 15 characters. 

Since it is not possible to specify a dissenting NETBIOS domain name with UCS 4.0 (Bug 36991) during installation, this breaks AD Connection (Member Mode) for all those Microsoft ADs.

Comment 2 Tobias Birkefeld

2015-02-06 15:49:37 CET

also reported in 2015020621000463

Setup:
existing AD-Domain with following settings:
ADS Domain: example-domain.com
Netbios Workgroup: exdo

Join an UCS AD-Member into AD-Domain failed with error message in join.log:

Failed to join domain: Invalid configuration ("workgroup" set to 'example-domai', should be 'exdo') and configuration modification was not requested
ERROR: Failed to join to AD DC via net ads join. Please check your Samba DCs and your DNS and WINS configuration

The main problem is, that no NETBIOS name could be set during the installation (see Bug#36991).

Workaround:
Start with UCS 3.2-4, set the alternate Netbios name in setup and install AD-Connector as AD member from appcenter.

Comment 3 Stefan Gohmann

2015-02-06 15:58:28 CET

(In reply to Tobias Birkefeld from comment #2)
> Workaround:
> Start with UCS 3.2-4, set the alternate Netbios name in setup and install
> AD-Connector as AD member from appcenter.

Workaround:
You can set the NETBIOS domain during the installation. Press ALT-F2 before starting the domain setup and set the windows/domain:
   chroot /target /bin/bash
   ucr set --force windows/domain=DOMAIN

See Ticket #2015012821000012

Comment 4 Tobias Birkefeld

2015-07-01 14:28:01 CEST

also reported in 2015061921000191

workaround is clear, but not a nice way for customers.

Comment 5 Stefan Gohmann

2015-07-18 14:50:46 CEST

I fixed it in system setup:
 4.0-2-errata: r62221
 4.1: r62222
 YAML: r62223

Comment 6 Arvid Requate

2015-07-20 14:36:49 CEST

Verified:
* Works
* Advisory: Ok

Comment 7 Janek Walkenhorst

2015-07-20 17:49:48 CEST

<http://errata.univention.de/ucs/4.0/251.html>