Bug 55053 – univention-join fails without a error message

Bug 55053 - univention-join fails without a error message


Summary:	univention-join fails without a error message

Status:	NEEDMOREINFO

Product:	UCS
Classification:	Unclassified
Component:	UMC - Domain join
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:	UMC maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2022-08-01 15:17 CEST by Maximilian Janßen
Modified:	2024-01-12 09:48 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2021021521000256, 2022100421000689, 2023063021000216, 2023042321000126, 2023100421000071
Bug group (optional):	External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Maximilian Janßen

2022-08-01 15:17:07 CEST

Version: 4.4-7 errata893 (Blumenthal)

Domain setup (this might take a while): Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to Administrator@***.***.** failed with " ". Please make sure the account Administrator exists and is a member of the Domain Admins group!
Mon Feb 15 09:40:00 CET 2021: starting /usr/sbin/univention-join -dcname ***.***.** -dcaccount Administrator -dcpwd /var/cache/univention-system-setup/secret -checkPrerequisites
running version check
OK: UCS version on ***.****.** is higher or equal (4.47) to the local version (4.47).
Check if /var/lib/univention-directory-replication/failed.ldif exists
Mon Feb 15 09:40:07 CET 2021: finish /usr/sbin/univention-join
Mon Feb 15 01:52:20 MST 2021: starting /usr/share/univention-join/univention-join -dcname ***.***.** -dcaccount Administrator -dcpwd /tmp/tmp.wclJoxpMXv

Comment 1 Mika Westphal

2022-10-28 09:53:38 CEST

Reported again

Version: 5.0-2 errata441

Error:
Domäneneinrichtung (Dies kann einige Zeit dauern): Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to
Administrator@***.***.*** failed with " ". Please make sure the account Administrator exists and is a member of the Domain Admins group!
Tue Oct  4 20:06:32 CEST 2022: starting /sbin/univention-join -dcname pdcbb.bb.ucs -dcaccount Administrator -dcpwd /var/cache/univention-system-setup/secret -checkPrerequisites
running version check
OK: UCS version on ***.***.*** is higher or equal (5.02) to the local version (5.02).
Check if /var/lib/univention-directory-replication/failed.ldif exists
Tue Oct  4 20:06:39 CEST 2022: finish /sbin/univention-join
Tue Oct  4 20:19:55 CEST 2022: starting /usr/share/univention-join/univention-join -dcname ***.***.*** -dcaccount Administrator -dcpwd /tmp/tmp.Sj0VMV8rZ0


Role: domaincontroller_slave

Comment 2 Maximilian Janßen

2023-07-06 14:09:01 CEST

Version: 5.0-4 errata721

Error:
Domäneneinrichtung (Dies kann einige Zeit dauern): Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to
Administrator@***.***.** failed with "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The ECDSA host key for ***.***.** has changed, and the key for the corresponding IP address 192.168.22.146 is
unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now
(man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is
SHA256:*****. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1 remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R "***.***.**" Password authentication is disabled to avoid
man-in-the-middle attacks. Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks. Administrator@***.***.**: Permission denied
(publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive). ". Please make sure the account Administrator exists and is a member of the Domain Admins group!
Fri Jun 30 11:59:20 CEST 2023: starting /usr/sbin/univention-join -dcname ***.***.** -dcaccount Administrator -dcpwd /var/cache/univention-system-setup/secret
-checkPrerequisites
running version check
OK: UCS version on ***.***.** is higher or equal (5.04) to the local version (5.04).
Check if /var/lib/univention-directory-replication/failed.ldif exists
Fri Jun 30 11:59:25 CEST 2023: finish /usr/sbin/univention-join
Fri Jun 30 12:04:29 CEST 2023: starting /usr/share/univention-join/univention-join -dcname ***.***.** -dcaccount Administrator -dcpwd /tmp/tmp.kOyTLeYaxD

Role: domaincontroller_slave

Comment 3 Maximilian Janßen

2023-07-06 14:27:22 CEST

Version: 5.0-3 errata645

Error:
Domäneneinrichtung (Dies kann einige Zeit dauern): Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to
Administrator@***.***.** failed with " ". Please make sure the account Administrator exists and is a member of the Domain Admins group!
Sun Apr 23 11:15:27 CEST 2023: starting /usr/sbin/univention-join -dcname ***.***.** -dcaccount Administrator -dcpwd /var/cache/univention-system-setup/secret
-checkPrerequisites
running version check
OK: UCS version on ***.***.** is higher or equal (5.03) to the local version (5.03).
Check if /var/lib/univention-directory-replication/failed.ldif exists
Sun Apr 23 11:15:34 CEST 2023: finish /usr/sbin/univention-join
Sun Apr 23 11:21:27 CEST 2023: starting /usr/share/univention-join/univention-join -dcname ***.***.** -dcaccount Administrator -dcpwd /tmp/tmp.rZWpMj5Zss


**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message:  Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to Administrator@***.***.**
failed with " ". Please make sure the account Administrator exists and is a member of the Domain Admins group!
**************************************************************************


Role: domaincontroller_backup

Comment 5 Mika Westphal

2024-01-12 09:48:40 CET

2024010921000362 5.0-5 errata907
2024010921000344 5.0-5 errata907 Remark: ubi pls fix

Domäneneinrichtung (Dies kann einige Zeit dauern): Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to administrator@*** failed with "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The ECDSA host key for *** has changed, and the key for the corresponding IP address 172.16.0.4 is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:SCoRRp8s1zqX15+0deNX0M5ZQI2xlZXqcjKh99retJk. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /root/.ssh/known_hosts:1 remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R "***" Password authentication is disabled to avoid man-in-the-middle attacks. Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks. administrator@***: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive). ". Please make sure the account administrator exists and is a member of the Domain Admins group!
Tue Jan 9 12:55:16 CET 2024: starting /usr/sbin/univention-join -dcname *** -dcaccount administrator -dcpwd /var/cache/univention-system-setup/secret -checkPrerequisites
running version check
OK: UCS version on *** is higher or equal (5.06) to the local version (5.05).
Check if /var/lib/univention-directory-replication/failed.ldif exists
Tue Jan 9 12:55:21 CET 2024: finish /usr/sbin/univention-join
Tue Jan 9 12:57:59 CET 2024: starting /usr/sbin/univention-join -dcname *** -dcaccount administrator -dcpwd /var/cache/univention-system-setup/secret -checkPrerequisites
running version check
OK: UCS version on *** is higher or equal (5.06) to the local version (5.05).
Check if /var/lib/univention-directory-replication/failed.ldif exists
Tue Jan 9 12:58:03 CET 2024: finish /usr/sbin/univention-join
Tue Jan 9 13:02:17 CET 2024: starting /usr/share/univention-join/univention-join -dcname *** -dcaccount administrator -dcpwd /tmp/tmp.4IXJXVkYto

**************************************************************************
* Join failed! *
* Contact your system administrator *
**************************************************************************
* Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to administrator@*** failed with "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The ECDSA host key for *** has changed, and the key for the corresponding IP address 172.16.0.4 is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:SCoRRp8s1zqX15+0deNX0M5ZQI2xlZXqcjKh99retJk. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /root/.ssh/known_hosts:1 remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R "***" Password authentication is disabled to avoid man-in-the-middle attacks. Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks. administrator@***: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive). ". Please make sure the account administrator exists and is a member of the Domain Admins group!
**************************************************************************