Univention Bugzilla – Bug 40892
UCS@school configuration wizard fails due to SSL error while calling umc-get
Last modified: 2017-05-08 09:39:13 CEST
The change will be backported to UCS@school 4.0 R2. +++ This bug was initially created as a clone of Bug #37484 +++ In a newly installed customer environment we had the following scenario: * DC Master + UCS@school * DC Backup + UCS@school * DC Slave The customer installed UCS@school also on the DC Slave and ran the UCS@school configuration wizard which failed with the following error: > MODULE ( ERROR ) : Failed to launch UMC query: ['/usr/sbin/umc-get', '-U', 'Administrator', '-y', '/tmp/tmpMEAg2R', '-s', 'master.schule.local', 'ucr', '-l', '-c', 'ldap/base', '-o', 'ldap/master/port'] > MODULE ( WARN ) : Could not query the LDAP base of the master system master.schule.local. > MODULE ( ERROR ) : Failed to get schoolinfo for school 'schule01': ('success': False, 'error': 'Der UMC-Server master.schule.local kann nicht erreicht werden.') What was confusing is that manually executing the command "/usr/sbin/umc-get -U Administrator -y /tmp/adminpwd -s master.schule.local ucr -l -c ldap/base -o ldap/master/port" on the command line was successful. Additionally 'everything else' was working (join, replication, ldapsearch, HTTPS) With a higher debug level we were able to see this in the logfile: > MODULE ( INFO ) : Executing: /usr/sbin/umc-get -d 4 -U Administrator -y /tmp/tmpqsnvhw -s master.schulen.local ucr -l -o ldap/base -o ldap/master/port > MODULE ( ERROR ) : Failed to launch UMC query: ['/usr/sbin/umc-get', '-d', '4', '-U', 'Administrator', '-y', '/tmp/tmpqsnvhw', '-s', 'master.schulen.local', 'ucr', '-l', '-o', 'ldap/base', '-o', 'ldap/master/port'] > DEBUG_INIT > MAIN ( PROCESS ) : Client: Setting up SSL configuration failed: [] > MAIN ( PROCESS ) : Client: Communication will not be encrypted! > PROTOCOL ( INFO ) : Sending UMCP AUTH REQUEST 142071238666879-1 > MAIN ( WARN ) : Client: _recv: error on socket: [Errno 104] Connection reset by peer > > MODULE ( WARN ) : Could not query the LDAP base of the master system master.schulen.local. We checked the certificates (CA, master, slave) but they seem to be okay (valid, md5sums match on both systems). I can provide USI-archives for DC Master and DC Slave if necessary.
Package: ucs-school-umc-installer Version: 3.0.3-2.75.201603140737 (wrong bug number in commit message) ucs-school-umc-installer (3.0.3-2): r68056 | Bug #40892: fix SSL problems during contacting the DC master r68055 | Bug #37484: fix SSL problems during contacting the DC master
@Sönke: This is fixed in 4.1R2. Please decide about backport. Otherwise I revert the changes in 4.0R2.
Please revert the change in 4.0R2. UCS 4.0 is now out of maintenance.
Reverted for UCS@school 4.0R2 and 4.1 in svn r70796,70797,70798,70799,70800.
Changes were reverted for 4.0R2 and 4.1.
Nothing to do.