Bug 54129 – on Join: failed to copy /var/lib/univention-ldap/notify/transaction from the Primary Directory Node.

Bug 54129 - on Join: failed to copy /var/lib/univention-ldap/notify/transaction from the Primary Directory Node.


Summary:	on Join: failed to copy /var/lib/univention-ldap/notify/transaction from the ...

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	UMC - Domain join
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:	UMC maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2021-11-24 12:01 CET by Maximilian Janßen
Modified:	2023-08-21 12:05 CEST (History)
CC List:	1 user (show)

See Also:	10018
What kind of report is it?:	Bug Report
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2021112021000041
Bug group (optional):	External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Maximilian Janßen

2021-11-24 12:01:11 CET

Version: 5.0-0 errata158

Error: 
Domain setup (this might take a while): Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them --  FAILED: failed to copy
/var/lib/univention-ldap/notify/transaction from the Primary Directory Node. Please try again.
Configure 03univention-directory-listener.inst Sat Nov 20 04:19:05 PST 2021
2021-11-20 04:19:05.256701964+08:00 (in joinscript_init)
20.11.21 04:19:05.562  DEBUG_INIT
20.11.21 04:19:05.573  LDAP        ( PROCESS ) : connecting to ldap://ucs-alpha.ngtglobal.local:7389
20.11.21 04:19:10.965  LISTENER    ( WARN    ) : handler: replication (not ready) (ignore)
Restarting slapd (via systemctl): slapd.serviceWarning: The unit file, source configuration file or drop-ins of slapd.service changed on disk. Run 'systemctl daemon-reload' to
reload units.
.
20.11.21 04:19:14.639  LISTENER    ( WARN    ) : Set Schema ID to 26
20.11.21 04:19:14.639  LISTENER    ( WARN    ) : initializing module replication
File: /var/lib/univention-ldap/ldap/DB_CONFIG
slapd: no process found
File: /var/lib/univention-ldap/ldap/DB_CONFIG
Starting slapd (via systemctl): slapd.serviceWarning: The unit file, source configuration file or drop-ins of slapd.service changed on disk. Run 'systemctl daemon-reload' to reload
units.
.
20.11.21 04:58:24.017  LISTENER    ( WARN    ) : finished initializing module replication with rv=0
20.11.21 04:58:24.017  LISTENER    ( WARN    ) : initializing module ldap_extension
20.11.21 04:58:33.891  LISTENER    ( PROCESS ) : ldap_extension: cn=62univention-portal,cn=ldapacl,cn=univention,dc=ngtglobal,dc=local active? [b'TRUE']
20.11.21 04:58:37.184  LISTENER    ( PROCESS ) : ldap_extension: cn=66univention-appcenter_app,cn=ldapacl,cn=univention,dc=ngtglobal,dc=local active? [b'TRUE']
20.11.21 04:58:40.963  LISTENER    ( PROCESS ) : ldap_extension: cn=64selfservice_userattributes,cn=ldapacl,cn=univention,dc=ngtglobal,dc=local active? [b'TRUE']
20.11.21 04:58:47.186  LISTENER    ( PROCESS ) : ldap_extension: cn=66univention-ldap-server_acl-master-uvmm,cn=ldapacl,cn=univention,dc=ngtglobal,dc=local active? [b'TRUE']
20.11.21 04:58:48.658  LISTENER    ( WARN    ) : finished initializing module ldap_extension with rv=0
20.11.21 04:58:48.658  LISTENER    ( WARN    ) : initializing module nss
20.11.21 04:59:04.535  LISTENER    ( WARN    ) : finished initializing module nss with rv=0
20.11.21 04:59:04.535  LISTENER    ( WARN    ) : initializing module keytab
20.11.21 04:59:05.388  LISTENER    ( PROCESS ) : Exporting /etc/krb5.keytab on domaincontroller_backup
20.11.21 04:59:05.904  LISTENER    ( WARN    ) : finished initializing module keytab with rv=0
20.11.21 04:59:05.904  LISTENER    ( WARN    ) : initializing module portal_server
20.11.21 04:59:07.214  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:folder:cn=help,cn=folder,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:07.727  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:portal:cn=local,cn=portal,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:08.292  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:portal:cn=domain,cn=portal,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:08.818  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=umc-local,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:09.489  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=login-ucs,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:10.634  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=root-cert,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:11.662  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=umc-domain,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:12.355  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=login-saml,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:12.893  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=self-service,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:13.426  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:folder:cn=certificates,cn=folder,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:13.864  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=univentionblog,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:14.469  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:category:cn=local-admin,cn=category,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:15.356  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:category:cn=domain-admin,cn=category,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:16.553  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=univentionforum,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:17.085  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:category:cn=domain-service,cn=category,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:17.601  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=univentionwebsite,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:18.105  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=univentionfeedback,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:18.760  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=ucs-local-to-domain,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:19.320  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=certificate-revocation,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:20.408  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=self-service-my-profile,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:21.524  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=self-service-protect-account,cn=entry,cn=portals,cn=univention,dc=ngtglobal,dc=local
20.11.21 04:59:22.675  LISTENER    ( WARN    ) : finished initializing module portal_server with rv=0
20.11.21 04:59:22.675  LISTENER    ( WARN    ) : initializing module nfs-homes
20.11.21 04:59:24.389  LISTENER    ( WARN    ) : finished initializing module nfs-homes with rv=0
20.11.21 04:59:24.389  LISTENER    ( WARN    ) : initializing module nscd_update
20.11.21 04:59:56.487  LISTENER    ( WARN    ) : finished initializing module nscd_update with rv=0
20.11.21 04:59:56.487  LISTENER    ( WARN    ) : initializing module faillog
20.11.21 05:02:10.068  LISTENER    ( WARN    ) : finished initializing module faillog with rv=0
20.11.21 05:02:10.069  LISTENER    ( WARN    ) : initializing module nagios-client
20.11.21 05:02:29.058  LISTENER    ( WARN    ) : finished initializing module nagios-client with rv=0
20.11.21 05:02:29.058  LISTENER    ( WARN    ) : initializing module udm_extension
20.11.21 05:02:49.835  LISTENER    ( WARN    ) : finished initializing module udm_extension with rv=0
20.11.21 05:02:49.835  LISTENER    ( WARN    ) : initializing module nfs-shares
20.11.21 05:02:49.836  LISTENER    ( PROCESS ) : Writing /etc/exports with 10 lines
20.11.21 05:02:51.367  LISTENER    ( WARN    ) : finished initializing module nfs-shares with rv=0
20.11.21 05:02:51.367  LISTENER    ( WARN    ) : initializing module gencertificate
20.11.21 05:02:54.012  LISTENER    ( WARN    ) : finished initializing module gencertificate with rv=0
20.11.21 05:02:54.012  LISTENER    ( WARN    ) : initializing module bind
20.11.21 05:02:56.419  LISTENER    ( WARN    ) : finished initializing module bind with rv=0
20.11.21 05:02:56.419  LISTENER    ( WARN    ) : initializing module app_attributes
20.11.21 05:02:58.205  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:02:59.610  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:00.044  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:00.710  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:01.327  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:01.986  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:02.714  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:03.379  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:03.616  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:04.290  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:04.645  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:05.318  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:05.846  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:06.513  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:07.139  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:07.801  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:08.058  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:08.749  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:09.006  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:09.670  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:10.259  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:10.919  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:11.137  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:11.805  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:12.024  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:12.688  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:13.103  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:13.788  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:14.611  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:15.276  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:15.663  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:16.327  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:16.578  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:17.237  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:17.843  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:18.500  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:19.564  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:20.233  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:20.986  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:21.655  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:22.442  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:23.103  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:23.330  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
20.11.21 05:03:23.991  LISTENER    ( PROCESS ) : app_attributes: Finished
20.11.21 05:03:24.308  LISTENER    ( WARN    ) : finished initializing module app_attributes with rv=0
20.11.21 05:03:24.309  LISTENER    ( WARN    ) : initializing module univention-saml-servers
20.11.21 05:03:27.352  LISTENER    ( WARN    ) : finished initializing module univention-saml-servers with rv=0
20.11.21 05:03:27.353  LISTENER    ( WARN    ) : initializing module univention-saml-idp-config
/etc/idp-ldap-user.secret could not be read!
/etc/idp-ldap-user.secret could not be read!20.11.21 05:03:29.314  LISTENER    ( WARN    ) : finished initializing module univention-saml-idp-config with rv=0
20.11.21 05:03:29.315  LISTENER    ( WARN    ) : initializing module portal_groups
20.11.21 05:03:53.795  LISTENER    ( WARN    ) : finished initializing module portal_groups with rv=0
20.11.21 05:03:53.796  LISTENER    ( WARN    ) : initializing module keytab-member
20.11.21 05:03:56.053  LISTENER    ( WARN    ) : finished initializing module keytab-member with rv=0
20.11.21 05:03:56.053  LISTENER    ( WARN    ) : initializing module pkgdb-watch
20.11.21 05:03:57.628  LISTENER    ( WARN    ) : finished initializing module pkgdb-watch with rv=0
20.11.21 05:03:57.628  LISTENER    ( WARN    ) : initializing module umc-service-providers
20.11.21 05:04:01.313  LISTENER    ( WARN    ) : finished initializing module umc-service-providers with rv=0
20.11.21 05:04:01.313  LISTENER    ( WARN    ) : initializing module ldap_server
20.11.21 05:04:06.244  LISTENER    ( WARN    ) : finished initializing module ldap_server with rv=0
20.11.21 05:04:06.244  LISTENER    ( WARN    ) : initializing module license_uuid
20.11.21 05:04:08.433  LISTENER    ( WARN    ) : finished initializing module license_uuid with rv=0
20.11.21 05:04:08.433  LISTENER    ( WARN    ) : initializing module univention-saml-simplesamlphp-configuration
20.11.21 05:04:13.833  LISTENER    ( WARN    ) : finished initializing module univention-saml-simplesamlphp-configuration with rv=0
20.11.21 05:04:13.833  LISTENER    ( WARN    ) : initializing module quota
20.11.21 05:05:02.496  LISTENER    ( WARN    ) : finished initializing module quota with rv=0
20.11.21 05:05:02.496  LISTENER    ( WARN    ) : initializing module univention-admin-diary-backend
20.11.21 05:05:05.549  LISTENER    ( WARN    ) : finished initializing module univention-admin-diary-backend with rv=0
20.11.21 05:05:05.549  LISTENER    ( WARN    ) : initializing module hosteddomains
20.11.21 05:05:11.561  LISTENER    ( WARN    ) : finished initializing module hosteddomains with rv=0
20.11.21 05:05:11.561  LISTENER    ( WARN    ) : initializing module well-known-sid-name-mapping
20.11.21 05:05:59.167  LISTENER    ( PROCESS ) : well-known-sid-name-mapping: ucr set groups/default/printoperators=Printer-Admins
20.11.21 05:07:39.069  LISTENER    ( WARN    ) : finished initializing module well-known-sid-name-mapping with rv=0
20.11.21 05:07:39.069  LISTENER    ( WARN    ) : initializing module univention-saml-groups
20.11.21 05:07:40.464  LISTENER    ( WARN    ) : finished initializing module univention-saml-groups with rv=0
29671
20.11.21 05:07:40.480  LISTENER    ( PROCESS ) : ldap_extension: Reloading LDAP server.
Restarting nagios-nrpe-server (via systemctl): nagios-nrpe-server.service.
Updating umc
Portal data untouched
30642
20.11.21 05:07:43.039  LISTENER    ( PROCESS ) : umc-service-providers: Reloading LDAP server.
Restarting slapd (via systemctl): slapd.serviceWarning: The unit file, source configuration file or drop-ins of slapd.service changed on disk. Run 'systemctl daemon-reload' to
reload units.
.
Warning: The unit file, source configuration file or drop-ins of slapd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
2021-11-20 05:07:43.594131123+08:00 (in joinscript_save_current_version)


**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message:  Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them --  FAILED: failed to copy
/var/lib/univention-ldap/notify/transaction from the Primary Directory Node. Please try again.
**************************************************************************


Role: domaincontroller_backup

Comment 1 edv 2023-08-14 14:35:54 CEST

Ran into the same problem wit 4.4-9. Got an Updated Master (from 1.6) and want to install a backup for swing by migration. Fresh install of the backup with 4.4-9.

Any Ideas? At first I got stuck that he could not found /etc/ldap.secret, just copied that by hand and the procedure went on. Now I'm kinda stuck. Maybe trying to join with a 4.4-8 or older UCS backup?

Comment 2 edv 2023-08-21 12:05:44 CEST

I think I found the solution.

When joining the UCS Domain e.g. while installing the system it is done as a User. You enter Administrator and the password. The files /etc/ldap.secret,/etc/ldap-backup.secret and /var/lib/univention-ldap/notify/transaction belong to root and the group DC Backup Hosts. As you join and try to copy the files as user Administrator this must fail (as can be seen in /var/log/auth.log).

So the solution is that you do a chmod o+r for the file(s) while joining or add the User Administrator (or whatver user you use for joining) to the DC Backup Hosts (which feels weird too).

Would be better if the machine is joinig via it's machine secret and that join step is done before with the user credentials.