Univention Bugzilla – Bug 30471
45univention-join.inst: determination of old krb5KeyVersionNumber broken
Last modified: 2014-06-12 09:19:50 CEST
45univention-join.inst
...
# Read kvno from LDAP entry
kvno="$(ldapsearch -x -D "$binddn" -w "$bindpwd" "(&(objectClass=univentionCorporateClient)(cn=$hostname))" krb5KeyVersionNumber | sed -ne 's|krb5KeyVersionNumber: ||')"
...

-> echo "dds krb5KeyVersionNumber: dsd" | sed -ne 's|krb5KeyVersionNumber: ||'
nil

This could be a problem if a ucc computer object is joined multiple times. Then the keytab on the ucc client has a wrong key version number.

uccclient:
-> ktutil --keytab=/etc/krb5.keytab list
/etc/krb5.keytab:

Vno  Type                     Principal                                Aliases
  1  arcfour-hmac-md5         host/@TEST.UCC
  1  aes128-cts-hmac-sha1-96  host/thinclient-124.test.ucc@TEST.UCC
  1  aes256-cts-hmac-sha1-96  host/thinclient-124.test.ucc@TEST.UCC

ucs server:
-> univention-ldapsearch cn=thinclient-124 -LLLL krb5KeyVersionNumber
dn: cn=thinclient-124,cn=computers,dc=test,dc=ucc
krb5KeyVersionNumber: 2

dn: cn=thinclient-124,cn=test.ucc,cn=dhcp,dc=test,dc=ucc

fixed

-> univention-ldapsearch cn=ucc1 krb5KeyVersionNumber
dn: cn=ucc1,cn=computers,dc=perf,dc=test
krb5KeyVersionNumber: 6

@ucc1-> ktutil list
FILE:/etc/krb5.keytab:

Vno  Type                     Principal                      Aliases
  6  arcfour-hmac-md5         host/ucc1.perf.test@PERF.TEST
  6  aes128-cts-hmac-sha1-96  host/ucc1.perf.test@PERF.TEST
  6  aes256-cts-hmac-sha1-96  host/ucc1.perf.test@PERF.TEST

OK: The correct key version number is set on ucc clients in subsequent installs.
OK: Changelog Verified
*** Bug 31168 has been marked as a duplicate of this bug. ***
UCC 2.0 has been released: http://docs.univention.de/release-notes-ucc-2.0.html If this error occurs again, please use "Clone This Bug".
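
The extraction failure from the original report, next to one possible correction and a check that the keytab Vno matches LDAP. This is an added example, not the fix that was committed for this bug; the function names and the sample data (modelled on the listings above) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data modelled on the listings in the report.
sample_ldif() {
cat <<'EOF'
dn: cn=thinclient-124,cn=computers,dc=test,dc=ucc
krb5KeyVersionNumber: 2

dn: cn=thinclient-124,cn=test.ucc,cn=dhcp,dc=test,dc=ucc
EOF
}
sample_keytab() {
cat <<'EOF'
/etc/krb5.keytab:

Vno  Type                     Principal
  1  arcfour-hmac-md5         host/thinclient-124.test.ucc@TEST.UCC
  1  aes256-cts-hmac-sha1-96  host/thinclient-124.test.ucc@TEST.UCC
EOF
}

# Extraction as quoted in the report: -n suppresses printing and the
# substitution has no 'p' flag, so the result is always empty.
kvno_broken() { sed -ne 's|krb5KeyVersionNumber: ||'; }

# Assumed correction (hypothetical helper): anchor the attribute name,
# print on match, and refuse anything that is not a plain integer.
read_kvno() {
    kvno="$(sed -ne 's|^krb5KeyVersionNumber: ||p' | head -n 1)"
    case "$kvno" in
        ''|*[!0-9]*) echo "no numeric krb5KeyVersionNumber found" >&2; return 1 ;;
    esac
    printf '%s\n' "$kvno"
}

# Succeeds only if every entry in 'ktutil list' output (stdin) has Vno $1.
keytab_matches() {
    awk -v want="$1" '$1 ~ /^[0-9]+$/ { n++; if ($1 != want) bad++ }
        END { exit (n == 0 || bad > 0) }'
}

ldap_kvno="$(sample_ldif | read_kvno)"
printf 'broken: [%s]  corrected: [%s]\n' "$(sample_ldif | kvno_broken)" "$ldap_kvno"
sample_keytab | keytab_matches "$ldap_kvno" ||
    echo "keytab Vno differs from LDAP kvno $ldap_kvno"
```

Failing on an empty or non-numeric value keeps a join script from silently continuing with a blank kvno, which is how the mismatch in the report went unnoticed.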