Univention Bugzilla – Bug 46855
UMC ucs-sso module uses wrong name server
Last modified: 2020-07-03 20:55:03 CEST
We are using AD member mode and have configured two DNS servers via UCR. ucr search nameserver nameserver1: 192.168.1.254 nameserver2: 192.168.1.253 Querying these servers with dig gives the right answer: dig ucs-sso.domain.local ;; ANSWER SECTION: ucs-sso.domain.local. 900 IN A 192.168.1.2 ucs-sso.domain.local. 900 IN A 192.168.1.1 Even with AD member mode there are bind9-services running on DC-master, DC-backup as well as DC-slave servers. Querying the bind9-service on the DC-master the answer was wrong because there is an additional server... nslookup ucs-sso 192.168.1.1 Server: 192.168.1.1 Address: 192.168.1.1#53 Name: ucs-sso.domain.local Address: 192.168.1.1 Name: ucs-sso.domain.local Address: 192.168.1.3 Name: ucs-sso.domain.local Address: 192.168.1.2 After deleting the wrong entry with .3 at the end via UDM web interface the sso-redirection worked again. So I guess the UMC module ignores the dns configuration made in /ertc/resolv.conf and uses bind9 or LDAP database directly.
I would expect that in ad membermode the MS/AD DNS is used and the UCS DNS is ignored / not used.
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.