Bug 36644 - DC slave failed to join / replicate itself
Status: RESOLVED INVALID
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 4.0
All Linux
P5 normal
Assigned To: UCS maintainers
Blocks: 36651
 
Reported: 2014-11-13 15:16 CET by Philipp Hahn
Modified: 2018-04-14 13:43 CEST


Attachments
join.log (29.15 KB, text/x-log)
2014-11-13 15:16 CET, Philipp Hahn
Description Philipp Hahn univentionstaff 2014-11-13 15:16:45 CET
Created attachment 6365
join.log

New UCS-4.0 domain with 1Master=h70, 1Backup=h71, 1Slave=h72, 1Member=h73.

The DC Slave failed to join correctly: 25univention-dhcp.inst was reported as failed.
Afterwards very little works, as the local LDAP replica is incomplete:

root@h72:~# slapcat -a cn=h72
dn: cn=h72,cn=phahn.pt,cn=dhcp,dc=phahn,dc=pt
entryCSN: 20141113123935.978340Z#000000#000#000000
cn: h72
objectClass: top
objectClass: univentionDhcpHost
creatorsName: uid=Administrator,cn=users,dc=phahn,dc=pt
entryUUID: deb7278c-ff7d-1033-851d-27970b4b68cb
univentionDhcpFixedAddress: 10.200.17.72
dhcpHWAddress: ethernet 52:54:00:a5:42:b0
modifiersName: uid=Administrator,cn=users,dc=phahn,dc=pt
createTimestamp: 20141113123935Z
structuralObjectClass: univentionDhcpHost
modifyTimestamp: 20141113123935Z


root@h70:~# slapcat -a cn=h72
dn: cn=h72,cn=computers,dc=phahn,dc=pt
macAddress: 52:54:00:a5:42:b0
cn: h72
krb5PrincipalName: host/h72.phahn.pt@PHAHN.PT
objectClass: top
objectClass: person
objectClass: univentionHost
objectClass: univentionDomainController
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
objectClass: univentionVirtualMachineHostOC
objectClass: univentionObject
uidNumber: 2009
sambaAcctFlags: [S          ]
krb5MaxLife: 86400
uid: h72$
krb5MaxRenew: 604800
aRecord: 10.200.17.72
loginShell: /bin/bash
univentionObjectType: computers/domaincontroller_slave
univentionServerReinstall: 0
krb5KDCFlags: 126
univentionServerRole: slave
displayName: h72
associatedDomain: phahn.pt
sambaSID: S-1-4-2009
sn: h72
univentionNetworkLink: cn=default,cn=networks,dc=phahn,dc=pt
homeDirectory: /dev/null
structuralObjectClass: person
entryUUID: deb321fa-ff7d-1033-851c-27970b4b68cb
creatorsName: uid=Administrator,cn=users,dc=phahn,dc=pt
createTimestamp: 20141113123935Z
gidNumber: 5006
sambaPrimaryGroupSID: S-1-5-21-2797232813-3054014307-4228921762-1104
krb5KeyVersionNumber: 2
userPassword:: e2NyeXB0fSQ2JFJFd3lqRm5QRE1qZloucm4kN0NEYnplbVp4aWxpMThjcDUvR
 Whqb3phTmlDU09qeWlyL0FyTlFZZkQ2WGtpcjYvMjJENEpCQXBobmk1V1VhRUdSSXVJa0NRcnRP
 UUhad0Y2cEhYUC4=
sambaNTPassword: E806FE58E6488D30E1D2D27BDB47BA6D
univentionService: LDAP
entryCSN: 20141113130009.371692Z#000000#000#000000
modifiersName: uid=Administrator,cn=users,dc=phahn,dc=pt
modifyTimestamp: 20141113130009Z

dn: cn=h72,cn=phahn.pt,cn=dhcp,dc=phahn,dc=pt
objectClass: top
objectClass: univentionDhcpHost
cn: h72
univentionDhcpFixedAddress: 10.200.17.72
dhcpHWAddress: ethernet 52:54:00:a5:42:b0
structuralObjectClass: univentionDhcpHost
entryUUID: deb7278c-ff7d-1033-851d-27970b4b68cb
creatorsName: uid=Administrator,cn=users,dc=phahn,dc=pt
createTimestamp: 20141113123935Z
entryCSN: 20141113123935.978340Z#000000#000#000000
modifiersName: uid=Administrator,cn=users,dc=phahn,dc=pt
modifyTimestamp: 20141113123935Z


As the local host entry does not have the machine.secret, univention-ldapsearch and all other LDAP searches fail, because they go to the local LDAP server.
Comment 1 Stefan Gohmann univentionstaff 2014-11-13 15:39:20 CET
> ldap_dn="cn=h72,cn=computers,dc=phahn,dc=pt" 

It should be "cn=h72,cn=dc,cn=computers,dc=phahn,dc=pt"
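
One way to check a replica for the kind of gap visible in the two slapcat outputs in the description is to compare the dumps by DN and entryCSN. This is an added example, not part of the bug report or of UCS tooling; the function names are hypothetical, and the sample LDIF is constructed from the DNs and entryCSN values shown in the description, trimmed, with one line folded by hand.

```python
"""Compare two slapcat LDIF dumps (master vs. replica) by DN and entryCSN."""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}, unfolding continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]           # LDIF folding: leading space continues
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():
            current = None                 # blank line ends an entry
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        value = value.lstrip(":").strip()  # "::" marks base64; value kept encoded
        if attr.lower() == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries

def compare(master_ldif, replica_ldif):
    """Return (DNs missing on the replica, DNs whose entryCSN differs)."""
    m, r = parse_ldif(master_ldif), parse_ldif(replica_ldif)
    missing = sorted(dn for dn in m if dn not in r)
    stale = sorted(dn for dn in m if dn in r
                   and m[dn].get("entryCSN") != r[dn].get("entryCSN"))
    return missing, stale

# Constructed sample input, trimmed from the outputs in the description.
MASTER = """\
dn: cn=h72,cn=computers,dc=phahn,dc=pt
cn: h72
univentionObjectType: computers/domaincontroller_
 slave
entryCSN: 20141113130009.371692Z#000000#000#000000

dn: cn=h72,cn=phahn.pt,cn=dhcp,dc=phahn,dc=pt
cn: h72
entryCSN: 20141113123935.978340Z#000000#000#000000
"""
REPLICA = """\
dn: cn=h72,cn=phahn.pt,cn=dhcp,dc=phahn,dc=pt
entryCSN: 20141113123935.978340Z#000000#000#000000
cn: h72
"""

if __name__ == "__main__":
    missing, stale = compare(MASTER, REPLICA)
    print("missing on replica:", missing)
    print("entryCSN differs:", stale)
```

On real systems the two inputs would be the saved output of slapcat from the master and from the replica.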