Univention Bugzilla – Bug 39920
Domain join of slave/backup/member fails in ipv6-dualstack configuration
Last modified: 2016-04-06 19:06:25 CEST
See here: http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-0/job/Autotest%20MultiEnv%20%28IPv6%29/SystemrolleElse=slave6,SystemrolleMaster=master46/lastBuild/artifact/join.log System configuration is a master with ipv4/ipv6 and a slave with ipv6, both using UCS-4.1. As the join.log shows, after calling run_join_setup_on_non_master from utils.sh which calls univention-run-join-scripts, installation fo 92univention-management-console-web-server.inst fails by resolving the hostname ucs-sso.*.* because it uses an A-Record for resolving instead of the AAAA-Record.
This causes a failure of several ucs-test scripts in IPv6 environments if check_join_status is called: Warning: 'univention-management-console-web-server' is not configured
This also seem to break SAML on IPv6 only systems if the DC master is a dual-stack system.
(In reply to Sönke Schwardt-Krummrich from comment #1) > Warning: 'univention-management-console-web-server' is not configured Happened again on my private UCS system (DC Master with dual stack setup). UMC constantly complains about missing join script. Update 4.1-0 e0 to 4.1-0 e7 resulted in the following updater.log output: Calling joinscript 92univention-management-console-web-server.inst ... 2015-12-03 21:55:33.678802514+01:00 (in joinscript_init) Setting ucs/web/overview/entries/admin/umc/icon Setting ucs/web/overview/entries/admin/umc/link Setting ucs/web/overview/entries/admin/umc/link/de Setting ucs/web/overview/entries/admin/umc/priority File: /var/www/ucs-overview/entries.json Setting ucs/web/overview/entries/admin/umc/label Setting ucs/web/overview/entries/admin/umc/label/de Setting ucs/web/overview/entries/admin/umc/description Setting ucs/web/overview/entries/admin/umc/description/de File: /var/www/ucs-overview/entries.json Object exists: SAMLServiceProviderIdentifier=https://master.censored.domain/univention-management-console/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=censored,dc=domain No modification: SAMLServiceProviderIdentifier=https://master.censored.domain/univention-management-console/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=censored,dc=domain Not updating ucs/server/sso/fqdn Reloading web server config: apache2. Create umc/saml/idp-server Module: setup_saml_sp Try to download idp metadata (1/60) --2015-12-03 21:55:36-- https://ucs-sso.censored.domain/simplesamlphp/saml2/idp/metadata.php Auflösen des Hostnamen »ucs-sso.censored.domain (ucs-sso.censored.domain)«... 111.222.333.444 Verbindungsaufbau zu ucs-sso.censored.domain (ucs-sso.censored.domain)|111.222.333.444|:443... verbunden. GnuTLS: A TLS fatal alert has been received. Es ist nicht möglich, eine SSL-Verbindung herzustellen. Try to download idp metadata (2/60) … GnuTLS: A TLS fatal alert has been received. Es ist nicht möglich, eine SSL-Verbindung herzustellen. Try to download idp metadata (60/60) --2015-12-03 21:56:50-- https://ucs-sso.censored.domain/simplesamlphp/saml2/idp/metadata.php Auflösen des Hostnamen »ucs-sso.censored.domain (ucs-sso.censored.domain)«... 111.222.333.444 Verbindungsaufbau zu ucs-sso.censored.domain (ucs-sso.censored.domain)|111.222.333.444|:443... verbunden. GnuTLS: A TLS fatal alert has been received. Es ist nicht möglich, eine SSL-Verbindung herzustellen. Reloading Univention Management Console Web Server. done. Multifile: /etc/pam.d/univention-management-console File: /etc/ldap/sasl2/slapd.conf Could not download IDP metadata for https://ucs-sso.censored.domain/simplesamlphp/saml2/idp/metadata.php Unsetting umc/saml/idp-server Module: setup_saml_sp Reloading Univention Management Console Web Server. done. Multifile: /etc/pam.d/univention-management-console File: /etc/ldap/sasl2/slapd.conf Module: setup_saml_sp Joinscript 92univention-management-console-web-server.inst finished with exitcode 3 Trigger für python-support werden verarbeitet ...
Created attachment 7363 [details] syslog
looks like this also happened here: Ticket#2016012721000469
(In reply to Nico Stöckigt from comment #5) > looks like this also happened here: Ticket#2016012721000469 Sure?
Bug #40658 fixed this.
Julian reported that the join now works in IPv6 environments.
*** Bug 39510 has been marked as a duplicate of this bug. ***
(In reply to Julian Hupertz from comment #9) > *** Bug 39510 has been marked as a duplicate of this bug. *** Erroneously, already taken back.