Univention Bugzilla – Bug 56094
Samba join into a site failed, because samba4 is just installed on the DC-Backup
Last modified: 2023-05-25 12:02:25 CEST
(In reply to Mirac Erdemiroglu from comment #0) > The System could not join into the samba site successfully, because samba4 > is just installed on the DC-Backup, so the Running 96univention-samba4.inst > don't create the site. > > Some information about the systems: > > DC-Master > ucr get server/role > domaincontroller_master > root@dc-master:~/univention-support# univention-app info > UCS: 5.0-3 errata632 > Installed: mailserver=12.0 oxseforucs=7.10.6-ucs3 self-service=5.0 > self-service-backend=5.0 > > DC-Backup > ucr get server/role > domaincontroller_backup > root@dc-backup:/var/lib/samba/private# univention-app info > UCS: 5.0-3 errata668 > Installed: pkgdb=11.0 samba4=4.16 self-service=5.0 self-service-backend=5.0 > > DC-Replica > ucr get server/role > | > domaincontroller_slave > root@dc-slave:/var/lib/samba# univention-app info > UCS: 5.0-3 errata668 > Installed: cups=2.2.1 samba4=4.16 > > Information from the join.log > > + ucr_variable=ldap/master > ++ ucr get ldap/master > + try_server=dc-master.univention.de > + ldbsearch -k no -A/var/run/univention-join/samba-authentication-file -H > ldap://dc-master.univention.de -s base > + echo 'create_site: looks like there is no Samba4 on > ldap/master='\''dc-master.univention.de'\'', site creation skipped.' > create_site: looks like there is no Samba4 on > ldap/master='dc-master.univention.de', site creation skipped. > + SITE_OPTION=--site=UNI > > > ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file > or directory > ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend > 'tdb': Unable > to open tdb '/var/lib/samba/private/secrets.ldb': N > o such file or directory > Could not find machine account in secrets database: Failed to fetch machine > account > password for UNIVENTION from both secrets.ldb (Could not op > en secrets.ldb) and from /var/lib/samba/private/secrets.tdb: > NT_STATUS_CANT_ACCESS_DOMAIN_INFO > ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - > <00002030: > objectclass: Cannot add CN=dc-slave,CN=Servers,CN=UNI,CN=Site > s,CN=Configuration,DC=univention,DC=de, parent does not exist!> <>
Where is univention-s4-connector installed?
Workaround: Set this UCRV on the system you want to join and the entry, have to be the system, where samba4 is installed in the domain. ucr search samba4/dc | samba4/dc: ucs.univention.de If another Samba 4 domain controller joins the domain the server to join against is determined automatically by default. This variable can be used to configure a specific server. ucr set samba4/dc=fqdn (host.domainname) In our case, it was the Backup-Node. After then, run "univention-run-join-scripts" so the samba join scripts runs successfully. Running 96univention-samba4.inst done | Running 97univention-s4-connector.inst skipped (already executed) | Running 98univention-pkgdb-tools.inst skipped (already executed) | Running 98univention-samba4-dns.inst done | Running 98univention-samba4-saml-kerberos.inst skipped (already executed) | Running post-joinscripts hook(s): done
(In reply to Felix Botner from comment #2) > Where is univention-s4-connector installed? S4-connector is installed on the DC-Backup. The join script found the correct system where the s4-connector is installed, but after the site creation. +++ univention-ldapsearch -b dc=univention,dc=de -LLLo ldif-wrap=no '(&(univentionService=S4 Connector)(objectClass=univentionDomainController))' cn ++ ldif='dn: cn=ucsbackup,cn=dc,cn=computers,dc=univention,dc=de cn: ucsbackup' +++ sed -n 's/^cn: \(.*\)/\1/p' ++ s4connector_dc=ucsbackup ++ is_ucs_school_domain ++ local ldif +++ univention-ldapsearch -LLL '(univentionService=UCS@school)' dn ++ ldif= ++ grep -q '^dn: ' ++ echo ucsbackup + s4connector_dc=ucsbackup