Bug 40137 - Joining a AD Slave into an AD Domain fails
Joining a AD Slave into an AD Domain fails
Status: RESOLVED DUPLICATE of bug 39601
Product: UCS
Classification: Unclassified
Component: AD Connector
UCS 4.1
Other Linux
: P5 normal (vote)
: ---
Assigned To: Connector maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-01 01:03 CET by Dirk Wiesenthal
Modified: 2015-12-29 09:29 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Wiesenthal univentionstaff 2015-12-01 01:03:55 CET
AD set up, UCS Master already joined.

UCS Slave wants to join, too. But it fails.

Message:  ssh-login for Administrator@ucsinad.arw2k8r2i2.qa failed. Maybe you entered a wrong password.

Problem is that ucsinad is somehow resolved to localhost, although this is clearly the UCS Master.

ping ucsinad
=> 64 bytes from 10.200.27.15 (=> UCS Master)

ssh root@ucsinad
=> Univention DC Slave 4.1-0: The UCS management system can be reached... (=> UCS Slave, aka localhost)

As the slave is not yet part of the domain, a univention-ssh Administrator@ucsinad will of course fail. Although he should not connect to himself, I guess.

Am I doing something wrong here?
Comment 1 Dirk Wiesenthal univentionstaff 2015-12-01 01:04:58 CET
Pretty sure this happened in Ticket#2015112421000635
Comment 2 Dirk Wiesenthal univentionstaff 2015-12-01 01:12:13 CET
To make that clear:
  ping can resolve the correct IP address when asked for ucsinad
  ssh cannot. It resolves ucsinad to localhost, although hostname is slave30

I could "fix" it by manually editing /etc/hosts by adding:
10.200.27.15 ucsinad.arw2k8r2i2.qa ucsinad

(which should be done in UCR, of course)
(which should not be necessary)
Comment 3 Dirk Wiesenthal univentionstaff 2015-12-01 01:46:13 CET
ucr get nameserver1 => 10.200.8.126 => Win2k8 AD
I think I had to do that during system-setup. Under the UCS Master IP nothing was found.

Note that I also had to rm .ssh/known_hosts because otherwise I got a lot of MITM warnings.
Comment 4 Stefan Gohmann univentionstaff 2015-12-29 09:29:09 CET
(In reply to Dirk Wiesenthal from comment #0)
> AD set up, UCS Master already joined.
> 
> UCS Slave wants to join, too. But it fails.
> 
> Message:  ssh-login for Administrator@ucsinad.arw2k8r2i2.qa failed. Maybe
> you entered a wrong password.
> 
> Problem is that ucsinad is somehow resolved to localhost, although this is
> clearly the UCS Master.

I guess it is a duplicate of Bug #39601. If it is not, please re-open.

*** This bug has been marked as a duplicate of bug 39601 ***