First Last Prev Next    This bug is not in your last search results.
Bug 52726 - join script checks resolve with name and gethostbyaddr
join script checks resolve with name and gethostbyaddr
Status: VERIFIED FIXED
Product: UCS
Classification: Unclassified
Component: Univention Domain Join (Ubuntu)
UCS 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: Philipp Hahn
Maximilian Janßen
https://git.knut.univention.de/univen...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-01-30 12:33 CET by Dirk Schnick
Modified: 2022-11-04 10:53 CET (History)
5 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.343
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
hahn: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Schnick univentionstaff 2021-01-30 12:33:04 CET 
univention domain join script breaks as it tries to resolve with name using gethostbyaddr


Traceback (most recent call last):
  File "/usr/sbin/univention-domain-join-cli", line 189, in <module>
    distribution_joiner.join_domain()
  File "/usr/lib/python3/dist-packages/univention_domain_join/distributions/ubuntu.py", line 108, in join_domain
    raise DcResolveException('The UCS master name %s can not be resolved, please check your DNS settings' % self.ldap_master)
univention_domain_join.distributions.ubuntu.DcResolveException: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings


Code is /usr/lib/python3/dist-packages/univention_domain_join/utils/general.py

def name_is_resolvable(name):
        try:
                socket.gethostbyaddr(name)
                return True
        except Exception:
                return False


Changing to socket.gethostbyaddr(name) to socket.gethostbyname(name) solved my breaking join.
Looks like a really low hanging fruit ;-)
Comment 1 Erik Damrose univentionstaff 2021-02-01 09:13:01 CET 
Please describe how to reproduce this issue, which parameters are passed to the domain join client?
Comment 2 Philipp Hahn univentionstaff 2021-02-01 11:35:54 CET 
(In reply to Erik Damrose from comment #1)
> Please describe how to reproduce this issue, which parameters are passed to
> the domain join client?

It's simply looks wrong as
`gethostbyaddr()` is for `IP` → `name`, while
`gethostbyname()` is for `name` → `IP`.

Please note that `gethostbyname()` is IPv4-only: <https://docs.python.org/3/library/socket.html#socket.gethostbyname>
The new interface `getaddrinfo()` should be used: <https://docs.python.org/3/library/socket.html#socket.getaddrinfo>
(This is a little bit tricky as multiple protocols are required for joining, minimum ldap:7389 and ssh:22.

Code:
- https://git.knut.univention.de/univention/univention-domain-join/-/blob/ubuntu20.04/univention_domain_join/distributions/ubuntu.py#L108
- https://git.knut.univention.de/univention/univention-domain-join/-/blob/ubuntu20.04/univention_domain_join/utils/general.py#L50

But it still should work:
> # python3 -c 'help(__import__("socket").gethostbyaddr)'
> Help on built-in function gethostbyaddr in module _socket:
> 
> gethostbyaddr(...)
>     gethostbyaddr(host) -> (name, aliaslist, addresslist)
>     
>     Return the true host name, a list of aliases, and a list of IP addresses,
>     for a host.  The host argument is a string giving a host name or IP number.
                                                          ^^^^^^^^^^^^
# python2.7 -c 'print(__import__("socket").gethostbyaddr("www.univention.de"))'
('www.univention.de', [], ['78.47.199.152'])
# python3.7 -c 'print(__import__("socket").gethostbyaddr("www.univention.de"))'
('www.univention.de', [], ['78.47.199.152'])
Comment 3 Erik Damrose univentionstaff 2021-02-01 11:41:36 CET 
I think this goes in the wrong direction. I know what gethostbyaddr() does.

I strongly suspect that the join client is called with wrong parameters, thats why i asked how to reproduce the issue. In that case only the parameter parsing could be improved, but the code in itself is still correct (for IPv4).
Comment 4 Philipp Hahn univentionstaff 2021-02-01 11:48:51 CET 
(In reply to Erik Damrose from comment #3)
> I think this goes in the wrong direction. I know what gethostbyaddr() does.

I trust that you due, but had a short look myself and just wanted to document my findings for others to save them from doing the same again.
From the past I remember that we explicitly decided to use `gethostbyaddr()` (despite its "reversed" nature) as it also supported IPv6; so the proposed change should not be done as it would limit the DJA to IPv4 only.
Comment 5 Dirk Schnick univentionstaff 2021-02-01 12:38:35 CET 
You can check the test environment if you want. It is a new environment set up end of december. Everything should be standart. Used ucs-kt-get Ubuntu image.
Ubuntu client has an unjoined snapshot.

Client VM dschnick_school-sl1Lin1-157 -> ssh -p 22211 test-ubu20@10.200.59.126
Master VM dschnick_school_10_DC0 -> ssh -p 222 root@10.200.59.126

PW as usual.

Last sommer a customer complained that behavior, but did not respond later on.
I simply changed and it was working, but as Philipp stated it should provide IPv6. As I'm not a programmer my suggestion may be not the best. ;-)


root@sl1Lin1:~# history |grep 'univention-domain-join-cli '
   20  univention-domain-join-cli 
   22  univention-domain-join-cli 
   26  univention-domain-join-cli --force-ucs-dns
   37  univention-domain-join-cli --force-ucs-dns
   38  univention-domain-join-cli --force-ucs-dns --dc-ip 10.200.59.250
   45  univention-domain-join-cli --help
   46  univention-domain-join-cli --domain reiherwaldschule.intranet --dc-ip 10.200.59.250 --username xxx --password xxx
   47  univention-domain-join-cli --dc-ip 10.200.59.250 --username xxx --password xxx
   48  univention-domain-join-cli --force-ucs-dns --dc-ip 10.200.59.250 --username xxx --password xxx
   51  univention-domain-join-cli --force-ucs-dns --dc-ip 10.200.59.250 --username xxx --password xxx
   54  univention-domain-join-cli --force-ucs-dns --dc-ip 10.200.59.250 --username xxx --password xxx
   73  univention-domain-join-cli --force-ucs-dns --domain reiherwaldschule.intranet --username xxx --password xxx
   76  univention-domain-join-cli --force-ucs-dns --domain reiherwaldschule.intranet --username xxx --password xxx
   78  univention-domain-join-cli --force-ucs-dns --dc-ip 10.200.59.250 --username xxx --password xxx


root@sl1Lin1:~# cat /var/log/univention/domain-join-cli.log 
2021-01-30 11:13:34,840 userinfo INFO Automatically detected the domain 'reiherwaldschule.intranet'.
2021-01-30 11:13:49,801 userinfo INFO Automatically detected the domain 'reiherwaldschule.intranet'.
2021-01-30 11:14:02,148 userinfo WARNING Warning: /etc/ldap/ldap.conf already exists.
2021-01-30 11:14:02,158 userinfo WARNING Warning: /etc/krb5.conf already exists.
2021-01-30 11:14:02,158 userinfo INFO Created a backup of all configuration files, that will be modified at '/var/univention-backup/20210130101402_domain-join'.
2021-01-30 11:14:02,945 userinfo CRITICAL An error occurred: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings. Please check /var/log/univention/domain-join-cli.log for more information.
2021-01-30 11:14:02,945 debugging CRITICAL The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
Traceback (most recent call last):
  File "/usr/sbin/univention-domain-join-cli", line 189, in <module>
    distribution_joiner.join_domain()
  File "/usr/lib/python3/dist-packages/univention_domain_join/distributions/ubuntu.py", line 108, in join_domain
    raise DcResolveException('The UCS master name %s can not be resolved, please check your DNS settings' % self.ldap_master)
univention_domain_join.distributions.ubuntu.DcResolveException: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
2021-01-30 11:15:00,684 userinfo INFO Automatically detected the domain 'reiherwaldschule.intranet'.
2021-01-30 11:15:12,158 userinfo WARNING Warning: /etc/ldap/ldap.conf already exists.
2021-01-30 11:15:12,160 userinfo WARNING Warning: /etc/krb5.conf already exists.
2021-01-30 11:15:12,160 userinfo INFO Created a backup of all configuration files, that will be modified at '/var/univention-backup/20210130101512_domain-join'.
2021-01-30 11:15:12,932 userinfo CRITICAL An error occurred: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings. Please check /var/log/univention/domain-join-cli.log for more information.
2021-01-30 11:15:12,933 debugging CRITICAL The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
Traceback (most recent call last):
  File "/usr/sbin/univention-domain-join-cli", line 189, in <module>
    distribution_joiner.join_domain()
  File "/usr/lib/python3/dist-packages/univention_domain_join/distributions/ubuntu.py", line 108, in join_domain
    raise DcResolveException('The UCS master name %s can not be resolved, please check your DNS settings' % self.ldap_master)
univention_domain_join.distributions.ubuntu.DcResolveException: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
2021-01-30 11:27:06,744 userinfo INFO Automatically detected the domain 'reiherwaldschule.intranet'.
2021-01-30 11:27:21,089 userinfo WARNING Warning: /etc/ldap/ldap.conf already exists.
2021-01-30 11:27:21,090 userinfo WARNING Warning: /etc/krb5.conf already exists.
2021-01-30 11:27:21,091 userinfo INFO Created a backup of all configuration files, that will be modified at '/var/univention-backup/20210130102721_domain-join'.
2021-01-30 11:27:21,091 userinfo INFO changing network/dns configuration as requested.
2021-01-30 11:27:21,120 userinfo INFO Configuring ipv4 DNS servers for ens3.
2021-01-30 11:27:21,159 userinfo INFO Applying new settings to ens3.
2021-01-30 11:27:23,001 userinfo CRITICAL An error occurred: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings. Please check /var/log/univention/domain-join-cli.log for more information.
2021-01-30 11:27:23,002 debugging CRITICAL The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
Traceback (most recent call last):
  File "/usr/sbin/univention-domain-join-cli", line 189, in <module>
    distribution_joiner.join_domain()
  File "/usr/lib/python3/dist-packages/univention_domain_join/distributions/ubuntu.py", line 108, in join_domain
    raise DcResolveException('The UCS master name %s can not be resolved, please check your DNS settings' % self.ldap_master)
univention_domain_join.distributions.ubuntu.DcResolveException: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
2021-01-30 11:45:19,681 userinfo INFO Automatically detected the domain None.
2021-01-30 11:45:19,682 userinfo CRITICAL Unable to determine the UCS domain automatically. Please provide it using the --domain parameter or use the tool with --dc-ip.
2021-01-30 11:46:19,362 userinfo WARNING Warning: /etc/ldap/ldap.conf already exists.
2021-01-30 11:46:19,364 userinfo WARNING Warning: /etc/krb5.conf already exists.
2021-01-30 11:46:19,364 userinfo INFO Created a backup of all configuration files, that will be modified at '/var/univention-backup/20210130104619_domain-join'.
2021-01-30 11:46:19,364 userinfo INFO changing network/dns configuration as requested.
2021-01-30 11:46:19,403 userinfo INFO Configuring ipv4 DNS servers for ens3.
2021-01-30 11:46:19,450 userinfo INFO Applying new settings to ens3.
2021-01-30 11:46:20,399 userinfo CRITICAL An error occurred: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings. Please check /var/log/univention/domain-join-cli.log for more information.
2021-01-30 11:46:20,400 debugging CRITICAL The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
Traceback (most recent call last):
  File "/usr/sbin/univention-domain-join-cli", line 189, in <module>
    distribution_joiner.join_domain()
  File "/usr/lib/python3/dist-packages/univention_domain_join/distributions/ubuntu.py", line 108, in join_domain
    raise DcResolveException('The UCS master name %s can not be resolved, please check your DNS settings' % self.ldap_master)
univention_domain_join.distributions.ubuntu.DcResolveException: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
2021-01-30 11:50:17,377 userinfo WARNING Warning: /etc/ldap/ldap.conf already exists.
2021-01-30 11:50:17,379 userinfo WARNING Warning: /etc/krb5.conf already exists.
2021-01-30 11:50:17,380 userinfo INFO Created a backup of all configuration files, that will be modified at '/var/univention-backup/20210130105017_domain-join'.
2021-01-30 11:50:18,281 userinfo CRITICAL An error occurred: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings. Please check /var/log/univention/domain-join-cli.log for more information.
2021-01-30 11:50:18,282 debugging CRITICAL The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
Traceback (most recent call last):
  File "/usr/sbin/univention-domain-join-cli", line 189, in <module>
    distribution_joiner.join_domain()
  File "/usr/lib/python3/dist-packages/univention_domain_join/distributions/ubuntu.py", line 108, in join_domain
    raise DcResolveException('The UCS master name %s can not be resolved, please check your DNS settings' % self.ldap_master)
univention_domain_join.distributions.ubuntu.DcResolveException: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
2021-01-30 11:51:06,388 userinfo WARNING Warning: /etc/ldap/ldap.conf already exists.
2021-01-30 11:51:06,389 userinfo WARNING Warning: /etc/krb5.conf already exists.
2021-01-30 11:51:06,390 userinfo INFO Created a backup of all configuration files, that will be modified at '/var/univention-backup/20210130105106_domain-join'.
2021-01-30 11:51:06,913 userinfo CRITICAL An error occurred: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings. Please check /var/log/univention/domain-join-cli.log for more information.
2021-01-30 11:51:06,914 debugging CRITICAL The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
Traceback (most recent call last):
  File "/usr/sbin/univention-domain-join-cli", line 189, in <module>
    distribution_joiner.join_domain()
  File "/usr/lib/python3/dist-packages/univention_domain_join/distributions/ubuntu.py", line 108, in join_domain
    raise DcResolveException('The UCS master name %s can not be resolved, please check your DNS settings' % self.ldap_master)
univention_domain_join.distributions.ubuntu.DcResolveException: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
2021-01-30 11:52:24,443 userinfo WARNING Warning: /etc/ldap/ldap.conf already exists.
2021-01-30 11:52:24,444 userinfo WARNING Warning: /etc/krb5.conf already exists.
2021-01-30 11:52:24,445 userinfo INFO Created a backup of all configuration files, that will be modified at '/var/univention-backup/20210130105224_domain-join'.
2021-01-30 11:52:24,445 userinfo INFO changing network/dns configuration as requested.
2021-01-30 11:52:24,472 userinfo INFO Configuring ipv4 DNS servers for ens3.
2021-01-30 11:52:24,575 userinfo INFO Applying new settings to ens3.
2021-01-30 11:52:25,593 userinfo CRITICAL An error occurred: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings. Please check /var/log/univention/domain-join-cli.log for more information.
2021-01-30 11:52:25,594 debugging CRITICAL The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
Traceback (most recent call last):
  File "/usr/sbin/univention-domain-join-cli", line 189, in <module>
    distribution_joiner.join_domain()
  File "/usr/lib/python3/dist-packages/univention_domain_join/distributions/ubuntu.py", line 108, in join_domain
    raise DcResolveException('The UCS master name %s can not be resolved, please check your DNS settings' % self.ldap_master)
univention_domain_join.distributions.ubuntu.DcResolveException: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
2021-01-30 11:57:47,993 userinfo WARNING Warning: /etc/ldap/ldap.conf already exists.
2021-01-30 11:57:47,994 userinfo WARNING Warning: /etc/krb5.conf already exists.
2021-01-30 11:57:47,994 userinfo INFO Created a backup of all configuration files, that will be modified at '/var/univention-backup/20210130105747_domain-join'.
2021-01-30 11:57:47,995 userinfo INFO changing network/dns configuration as requested.
2021-01-30 11:57:48,032 userinfo INFO Configuring ipv4 DNS servers for ens3.
2021-01-30 11:57:48,077 userinfo INFO Applying new settings to ens3.
2021-01-30 11:57:48,997 userinfo CRITICAL An error occurred: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings. Please check /var/log/univention/domain-join-cli.log for more information.
2021-01-30 11:57:48,998 debugging CRITICAL The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
Traceback (most recent call last):
  File "/usr/sbin/univention-domain-join-cli", line 189, in <module>
    distribution_joiner.join_domain()
  File "/usr/lib/python3/dist-packages/univention_domain_join/distributions/ubuntu.py", line 108, in join_domain
    raise DcResolveException('The UCS master name %s can not be resolved, please check your DNS settings' % self.ldap_master)
univention_domain_join.distributions.ubuntu.DcResolveException: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
2021-01-30 12:02:34,122 userinfo WARNING Warning: /etc/ldap/ldap.conf already exists.
2021-01-30 12:02:34,123 userinfo WARNING Warning: /etc/krb5.conf already exists.
2021-01-30 12:02:34,124 userinfo INFO Created a backup of all configuration files, that will be modified at '/var/univention-backup/20210130110234_domain-join'.
2021-01-30 12:02:34,124 userinfo INFO changing network/dns configuration as requested.
2021-01-30 12:02:34,161 userinfo INFO Configuring ipv4 DNS servers for ens3.
2021-01-30 12:02:34,212 userinfo INFO Applying new settings to ens3.
2021-01-30 12:02:35,141 userinfo CRITICAL An error occurred: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings. Please check /var/log/univention/domain-join-cli.log for more information.
2021-01-30 12:02:35,143 debugging CRITICAL The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
Traceback (most recent call last):
  File "/usr/sbin/univention-domain-join-cli", line 189, in <module>
    distribution_joiner.join_domain()
  File "/usr/lib/python3/dist-packages/univention_domain_join/distributions/ubuntu.py", line 108, in join_domain
    raise DcResolveException('The UCS master name %s can not be resolved, please check your DNS settings' % self.ldap_master)
univention_domain_join.distributions.ubuntu.DcResolveException: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
2021-01-30 12:13:47,222 userinfo WARNING Warning: /etc/ldap/ldap.conf already exists.
2021-01-30 12:13:47,224 userinfo WARNING Warning: /etc/krb5.conf already exists.
2021-01-30 12:13:47,224 userinfo INFO Created a backup of all configuration files, that will be modified at '/var/univention-backup/20210130111347_domain-join'.
2021-01-30 12:13:47,224 userinfo INFO changing network/dns configuration as requested.
2021-01-30 12:13:47,262 userinfo INFO Configuring ipv4 DNS servers for ens3.
2021-01-30 12:13:47,358 userinfo INFO Applying new settings to ens3.
2021-01-30 12:13:48,483 userinfo CRITICAL An error occurred: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings. Please check /var/log/univention/domain-join-cli.log for more information.
2021-01-30 12:13:48,485 debugging CRITICAL The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
Traceback (most recent call last):
  File "/usr/sbin/univention-domain-join-cli", line 189, in <module>
    distribution_joiner.join_domain()
  File "/usr/lib/python3/dist-packages/univention_domain_join/distributions/ubuntu.py", line 108, in join_domain
    raise DcResolveException('The UCS master name %s can not be resolved, please check your DNS settings' % self.ldap_master)
univention_domain_join.distributions.ubuntu.DcResolveException: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
2021-01-30 12:15:41,891 userinfo WARNING Warning: /etc/ldap/ldap.conf already exists.
2021-01-30 12:15:41,893 userinfo WARNING Warning: /etc/krb5.conf already exists.
2021-01-30 12:15:41,893 userinfo INFO Created a backup of all configuration files, that will be modified at '/var/univention-backup/20210130111541_domain-join'.
2021-01-30 12:15:41,894 userinfo INFO changing network/dns configuration as requested.
2021-01-30 12:15:41,933 userinfo INFO Configuring ipv4 DNS servers for ens3.
2021-01-30 12:15:41,982 userinfo INFO Applying new settings to ens3.
2021-01-30 12:15:43,055 userinfo CRITICAL An error occurred: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings. Please check /var/log/univention/domain-join-cli.log for more information.
2021-01-30 12:15:43,056 debugging CRITICAL The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
Traceback (most recent call last):
  File "/usr/sbin/univention-domain-join-cli", line 189, in <module>
    distribution_joiner.join_domain()
  File "/usr/lib/python3/dist-packages/univention_domain_join/distributions/ubuntu.py", line 108, in join_domain
    raise DcResolveException('The UCS master name %s can not be resolved, please check your DNS settings' % self.ldap_master)
univention_domain_join.distributions.ubuntu.DcResolveException: The UCS master name dc0.reiherwaldschule.intranet can not be resolved, please check your DNS settings
2021-01-30 12:23:55,667 userinfo WARNING Warning: /etc/ldap/ldap.conf already exists.
2021-01-30 12:23:55,669 userinfo WARNING Warning: /etc/krb5.conf already exists.
2021-01-30 12:23:55,669 userinfo INFO Created a backup of all configuration files, that will be modified at '/var/univention-backup/20210130112355_domain-join'.
2021-01-30 12:23:55,669 userinfo INFO changing network/dns configuration as requested.
2021-01-30 12:23:55,707 userinfo INFO Configuring ipv4 DNS servers for ens3.
2021-01-30 12:23:55,768 userinfo INFO Applying new settings to ens3.
2021-01-30 12:23:58,332 userinfo INFO Getting the DN of the Administrator 
2021-01-30 12:24:00,335 userinfo INFO Downloading the UCS root certificate to /etc/univention/ssl/ucsCA/CAcert.pem
2021-01-30 12:24:00,489 userinfo INFO Adding the UCS root certificate to the certificate store
2021-01-30 12:24:04,594 userinfo INFO Adding LDAP entry for this machine on the UCS DC
2021-01-30 12:24:20,928 userinfo INFO Writing /etc/ldap/ldap.conf 
2021-01-30 12:24:20,930 userinfo INFO Writing /etc/machine.secret 
2021-01-30 12:24:20,932 userinfo INFO Writing /etc/sssd/sssd.conf 
2021-01-30 12:24:22,021 userinfo INFO Configuring auth config profile for sssd
2021-01-30 12:24:22,663 userinfo INFO Restarting sssd
2021-01-30 12:24:23,235 userinfo INFO Writing /usr/share/pam-configs/ucs_mkhomedir 
2021-01-30 12:24:23,236 userinfo INFO Adding  groups to /etc/security/group.conf 
2021-01-30 12:24:23,237 userinfo INFO Adding  groups to /usr/share/pam-configs/local_groups 
2021-01-30 12:24:23,239 userinfo INFO Updating PAM
2021-01-30 12:24:23,790 userinfo INFO Writing /etc/krb5.conf 
2021-01-30 12:24:23,791 userinfo INFO Synchronizing time with the DC
2021-01-30 12:25:33,101 userinfo INFO The domain join was successful.
2021-01-30 12:25:33,102 userinfo INFO Please reboot the system.
Comment 7 Philipp Hahn univentionstaff 2022-03-09 07:51:53 CET 
(In reply to Philipp Hahn from comment #6)
> https://github.com/univention/univention-domain-join/pull/2

Someone please react in a timely manner to that MR form an external person.
Comment 8 Dirk Schnick univentionstaff 2022-03-10 08:52:32 CET 
As I do not know what more info is need, I set status back to new.
Comment 9 Philipp Hahn univentionstaff 2022-09-19 13:47:38 CEST 
Finally I can reproduce this:
- :heavy_check_mark: `python3 -c 'import socket;socket.gethostbyname("forge.univention.org")'`
- :red_circle: `python3 -c 'import socket;socket.gethostbyaddr("forge.univention.org")'`

The root cause is the `label` → `IPv4` works (there is a DNS-`A`-RR), but `IPv4` → `label` does **not** work (there is **no** DNS-`PTR`-RR):
```
$ dig forge.univention.org.
;forge.univention.org.          IN      A
forge.univention.org.   3509    IN      A       78.138.66.7
$ dig -x 78.138.66.7
;7.66.138.78.in-addr.arpa.      IN      PTR
```

So `gethostbyaddr()` fails if there is no DNS-`PTR`-RR for the given DC, which is understandable.
As we only want to check the forward name resolution from label to IP (hopefully `ssh` and `ldapsearch` use the same functions and implementation), `gethostbyname()` loo

# Requirements
- must work with IPv4 only
- must work with IPv6 only
- must work with mixed IPv4 and IPv6

# Test setup
```
# dig +nocmd +nocomment +nostats +noquestion +noauthority +noadditional @localhost ipv4.phahn.dev. any
ipv4.phahn.dev.         172800  IN      A       10.200.17.2

# dig +nocmd +nocomment +nostats +noquestion +noauthority +noadditional @localhost ipv6.phahn.dev. any
ipv6.phahn.dev.         172800  IN      AAAA    1:2:3:4::5

# dig +nocmd +nocomment +nostats +noquestion +noauthority +noadditional @localhost both.phahn.dev. any
both.phahn.dev.         172800  IN      AAAA    1:2:3:4::6
both.phahn.dev.         172800  IN      A       10.200.17.6

# dig +nocmd +nocomment +nostats +noquestion +noauthority +noadditional @localhost -x 10.200.17.2
2.17.200.10.in-addr.arpa. 172800 IN     PTR     ipv4.phahn.dev.

# dig +nocmd +nocomment +nostats +noquestion +noauthority +noadditional @localhost -x 1:2:3:4::5
5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.ip6.arpa. 172800 IN PTR ipv6.phahn.dev.

# dig +nocmd +nocomment +nostats +noquestion +noauthority +noadditional @localhost -x 1:2:3:4::6
6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.ip6.arpa. 172800 IN PTR both.phahn.dev.

# dig +nocmd +nocomment +nostats +noquestion +noauthority +noadditional @localhost -x 10.200.17.6
6.17.200.10.in-addr.arpa. 172800 IN     PTR     both.phahn.dev.
```

# Tests
```
# python -c 'import socket,sys;print(socket.getaddrinfo(sys.argv[1], 22, socket.AF_UNSPEC, socket.SOCK_STREAM, socket.IPPROTO_TCP));print(socket.gethostbyname(sys.argv[1]));print(socket.gethostbyaddr(sys.argv[1]))' both.phahn.dev.
[(2, 6, 33, '', ('10.200.17.6', 22)), (10, 6, 33, '', ('1:2:3:4::6', 22, 0, 0))]
10.200.17.6
('both.phahn.dev', [], ['10.200.17.6'])

# python -c 'import socket,sys;print(socket.getaddrinfo(sys.argv[1], 22, socket.AF_UNSPEC, socket.SOCK_STREAM, socket.IPPROTO_TCP));print(socket.gethostbyname(sys.argv[1]));print(socket.gethostbyaddr(sys.argv[1]))' ipv4.phahn.dev.
[(2, 6, 33, '', ('10.200.17.2', 22))]
10.200.17.2
('ipv4.phahn.dev', [], ['10.200.17.2'])

# python -c 'import socket,sys;print(socket.getaddrinfo(sys.argv[1], 22, socket.AF_UNSPEC, socket.SOCK_STREAM, socket.IPPROTO_TCP));print(socket.gethostbyname(sys.argv[1]));print(socket.gethostbyaddr(sys.argv[1]))' ipv6.phahn.dev.
[(10, 6, 33, '', ('1:2:3:4::5', 22, 0, 0))]
Traceback (most recent call last):
  File "<string>", line 1, in <module>
socket.gaierror: [Errno -2] Name or service not known

# python -c 'import socket,sys;print(socket.getaddrinfo(sys.argv[1], 22, socket.AF_UNSPEC, socket.SOCK_STREAM, socket.IPPROTO_TCP));print(socket.gethostbyname(sys.argv[1]));print(socket.gethostbyaddr(sys.argv[1]))' 10.200.17.38
[(2, 6, 33, '', ('10.200.17.38', 22))]
10.200.17.38
('m38.phahn.dev', ['m38'], ['10.200.17.38'])

# python -c 'import socket,sys;print(socket.getaddrinfo(sys.argv[1], 22, socket.AF_UNSPEC, socket.SOCK_STREAM, socket.IPPROTO_TCP));print(socket.gethostbyname(sys.argv[1]));print(socket.gethostbyaddr(sys.argv[1]))' 1:2:3:4::5
[(10, 6, 33, '', ('1:2:3:4::5', 22, 0, 0))]
Traceback (most recent call last):
  File "<string>", line 1, in <module>
socket.gaierror: [Errno -9] Address family for hostname not supported

# python -c 'import socket,sys;print(socket.getaddrinfo(sys.argv[1], 22, socket.AF_UNSPEC, socket.SOCK_STREAM, socket.IPPROTO_TCP));print(socket.gethostbyname(sys.argv[1]));print(socket.gethostbyaddr(sys.argv[1]))' 1:2:3:4::6
[(10, 6, 33, '', ('1:2:3:4::6', 22, 0, 0))]
Traceback (most recent call last):
  File "<string>", line 1, in <module>
socket.gaierror: [Errno -9] Address family for hostname not supported
```

# Summary
Please use `socket.getaddrinfo(fqhn, 22, socket.AF_UNSPEC, socket.SOCK_STREAM, socket.IPPROTO_TCP)` instead as it supports
- IPv4 addresses
- IPv6 addresses
- lables (FQHN)
Comment 10 Philipp Hahn univentionstaff 2022-09-20 07:02:33 CEST 
Proof that it is more than "a very few installed domains":
- https://help.univention.com/t/ucs5-join-dns-error/17930
- https://help.univention.com/t/domain-join-tool-fails-on-ubuntu-20-04/19908
- https://help.univention.com/t/univention-domain-join-cli-fuer-ubuntu-problem/8527
- https://github.com/univention/univention-domain-join/pull/2
- https://github.com/univention/univention-domain-join/pull/4
- Support spent time on this
- …

Multiple persons participated in those posts and even provided two pull request to fix it; just apply the MR to fix those two lines instead of doing bug-metadata-battle!
Comment 12 Philipp Hahn univentionstaff 2022-10-04 12:10:24 CEST 
diff --git univention_domain_join/utils/general.py univention_domain_join/utils/general.py
index 46c4bad..4969daa 100644
--- univention_domain_join/utils/general.py
+++ univention_domain_join/utils/general.py
@@ -47,7 +47,6 @@ def execute_as_root(func):
 
 def name_is_resolvable(name):
        try:
-               socket.gethostbyaddr(name)
-               return True
+               return bool(socket.getaddrinfo(name, 22, socket.AF_UNSPEC, socket.SOCK_STREAM, socket.IPPROTO_TCP))
        except Exception:
                return False
Comment 13 Philipp Hahn univentionstaff 2022-10-11 18:25:33 CEST 
Merged but not build yet.

Waiting for https://git.knut.univention.de/univention/univention-domain-join/-/merge_requests/1 as this contains the infrastructure to automate the build.
First Last Prev Next    This bug is not in your last search results.