Univention Bugzilla – Bug 53298
Administrator cannot authenticate on DC Backup after updating the primary DN to UCS-5
Last modified: 2021-05-25 15:59:38 CEST
After Update of a UCS Samba/AD primary directory node to UCS 5, the Administrator cannot authenticate in the DC Backup: root@ucs5-dc-primary:~# kinit Administrator Administrator@TEST.DOM's Password: root@ucs5-dc-primary:~# ## OK root@ucs4-dc-backup:~# kinit Administrator Administrator@TEST.DOM's Password: kinit: Password incorrect This also blocks progressing with the update of the DC Backup in case Apps need to be uninstalled via univention-app remove, which require authenticating as Administrator.
root@ucs4-dc-backup:~# ldapsearch -ZZ -h ucs4-dc-backup -p 7389 \ -D uid=Administrator,cn=users,dc=test,dc=dom -W Enter LDAP Password: ldap_bind: Invalid credentials (49) root@ucs4-dc-backup:~# ldapsearch -ZZ -h ucs5-dc-primary -p 7389 \ -D uid=Administrator,cn=users,dc=test,dc=dom -W Enter LDAP Password: ### Works
Something is fishy about LDAP replication: root@ucs4-dc-backup:~# /usr/lib/nagios/plugins/check_univention_replication OK: replication complete (nid=461932 lid=461932) but the attributes (in particular password hashes) differ between Primary and Backup: 32d31 < objectClass: automount < objectClass: maildisclaimer < maildisclaimerTemplate: 0 < univentionMailUserQuota: 0 < sambaPwdLastSet: 1621496919 --- > sambaPwdLastSet: 1483532178 77c74 < shadowLastChange: 18767 --- > shadowLastChange: 17170 28c28 < krb5PasswordEnd: 20400719000000Z < krb5KeyVersionNumber: 36 --- > krb5PasswordEnd: 20360305000000Z > krb5KeyVersionNumber: 35
univention-replicate-one --dn uid=Administrator,dc=test,dc=dom fixed the issue. I guess it's a problem of the cloned test env.
(In reply to Arvid Requate from comment #3) > univention-replicate-one --dn uid=Administrator,dc=test,dc=dom > > fixed the issue. I guess it's a problem of the cloned test env. OK: during the clone Administrator was not replicated due to DNS issues.
UCS 5.0 has been released: https://docs.software-univention.de/release-notes-5.0-0-en.html https://docs.software-univention.de/release-notes-5.0-0-de.html If this error occurs again, please use "Clone This Bug".