Bug 56094 - Samba join into a site failed, because samba4 is just installed on the DC-Backup
Status: NEW
Product: UCS
Classification: Unclassified
Component: Samba4
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: ---
Assigned To: Samba maintainers
Reported: 2023-05-25 11:29 CEST by Mirac Erdemiroglu
Modified: 2023-05-25 12:02 CEST

What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2023051921001033
Bug group (optional): Workaround is available
Max CVSS v3 score:


Comment 1 Mirac Erdemiroglu univentionstaff 2023-05-25 11:30:54 CEST
(In reply to Mirac Erdemiroglu from comment #0)
> The system could not join the Samba site successfully, because samba4
> is just installed on the DC-Backup, so running 96univention-samba4.inst
> doesn't create the site.
> 
> Some information about the systems:
> 
> DC-Master
> ucr get server/role
> domaincontroller_master
> root@dc-master:~/univention-support# univention-app info
> UCS: 5.0-3 errata632
> Installed: mailserver=12.0 oxseforucs=7.10.6-ucs3 self-service=5.0 self-service-backend=5.0
> 
> DC-Backup
> ucr get server/role
> domaincontroller_backup
> root@dc-backup:/var/lib/samba/private# univention-app info
> UCS: 5.0-3 errata668
> Installed: pkgdb=11.0 samba4=4.16 self-service=5.0 self-service-backend=5.0
> 
> DC-Replica
> ucr get server/role
> domaincontroller_slave
> root@dc-slave:/var/lib/samba# univention-app info
> UCS: 5.0-3 errata668
> Installed: cups=2.2.1 samba4=4.16
> 
> Information from the join.log
> 
> + ucr_variable=ldap/master
> ++ ucr get ldap/master
> + try_server=dc-master.univention.de
> + ldbsearch -k no -A/var/run/univention-join/samba-authentication-file -H ldap://dc-master.univention.de -s base
> + echo 'create_site: looks like there is no Samba4 on ldap/master='\''dc-master.univention.de'\'', site creation skipped.'
> create_site: looks like there is no Samba4 on ldap/master='dc-master.univention.de', site creation skipped.
> + SITE_OPTION=--site=UNI
> 
> 
> ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
> ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
> Could not find machine account in secrets database: Failed to fetch machine account password for UNIVENTION from both secrets.ldb (Could not open secrets.ldb) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - <00002030: objectclass: Cannot add CN=dc-slave,CN=Servers,CN=UNI,CN=Sites,CN=Configuration,DC=univention,DC=de, parent does not exist!> <>
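The failure signature in the log excerpt above (site creation skipped, then an add below the missing site object failing with LDAP error 32) can be checked mechanically. The shell function below is an added example, not part of the bug report or of the UCS join scripts; the function name and the sample log, constructed from the excerpts quoted above, are assumptions.

```shell
#!/bin/sh
# Added example: recognise this report's failure signature in a join log.
# SAMPLE_LOG is constructed from the excerpts quoted in comment 1 (unwrapped).
SAMPLE_LOG="create_site: looks like there is no Samba4 on ldap/master='dc-master.univention.de', site creation skipped.
+ SITE_OPTION=--site=UNI
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - <00002030: objectclass: Cannot add CN=dc-slave,CN=Servers,CN=UNI,CN=Sites,CN=Configuration,DC=univention,DC=de, parent does not exist!> <>"

# Reads a join log on stdin. Prints "<ldap/master> <site>" and returns 0 only
# when both parts of the signature are present:
#   1. create_site skipped the site creation because ldap/master has no Samba4
#   2. a later add below CN=<site>,CN=Sites failed because the parent is missing
diagnose_join_log() {
    log=$(cat)
    # Host that was probed for Samba4 (only the output line, not the "+ echo" trace).
    master=$(printf '%s\n' "$log" |
        sed -n "s|^create_site: looks like there is no Samba4 on ldap/master='\([^']*\)', site creation skipped\.\$|\1|p" |
        tail -n 1)
    # Site whose container was missing when the server object was added.
    site=$(printf '%s\n' "$log" |
        sed -n 's|.*LDAP_NO_SUCH_OBJECT.*Cannot add CN=[^,]*,CN=Servers,CN=\([^,]*\),CN=Sites,.*parent does not exist.*|\1|p' |
        tail -n 1)
    [ -n "$master" ] && [ -n "$site" ] || return 1
    printf '%s %s\n' "$master" "$site"
}

# Usage (the log path is an assumption, the report only says "join.log"):
#   diagnose_join_log < /var/log/univention/join.log
```

A match means the join ran against a server without Samba4 and the site object was never created, which is the situation the samba4/dc workaround in comment 3 addresses.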
Comment 2 Felix Botner univentionstaff 2023-05-25 11:37:59 CEST
Where is univention-s4-connector installed?
Comment 3 Mirac Erdemiroglu univentionstaff 2023-05-25 11:51:42 CEST
Workaround:
Set this UCRV on the system you want to join; the entry has to be the system where samba4 is installed in the domain.

ucr search samba4/dc
samba4/dc: ucs.univention.de
If another Samba 4 domain controller joins the domain the server to join against is determined automatically by default. This variable can be used to configure a specific server.

ucr set samba4/dc=fqdn (host.domainname)

In our case, it was the Backup-Node.

After that, run "univention-run-join-scripts" so the Samba join scripts run successfully.

Running 96univention-samba4.inst                           done
Running 97univention-s4-connector.inst                     skipped (already executed)
Running 98univention-pkgdb-tools.inst                      skipped (already executed)
Running 98univention-samba4-dns.inst                       done
Running 98univention-samba4-saml-kerberos.inst             skipped (already executed)
Running post-joinscripts hook(s):                          done
Comment 4 Mirac Erdemiroglu univentionstaff 2023-05-25 11:58:10 CEST
(In reply to Felix Botner from comment #2)
> Where is univention-s4-connector installed?

S4-connector is installed on the DC-Backup.

The join script found the correct system where the s4-connector is installed, but after the site creation.

+++ univention-ldapsearch -b dc=univention,dc=de -LLLo ldif-wrap=no '(&(univentionService=S4 Connector)(objectClass=univentionDomainController))' cn
++ ldif='dn: cn=ucsbackup,cn=dc,cn=computers,dc=univention,dc=de
cn: ucsbackup'
+++ sed -n 's/^cn: \(.*\)/\1/p'
++ s4connector_dc=ucsbackup
++ is_ucs_school_domain
++ local ldif
+++ univention-ldapsearch -LLL '(univentionService=UCS@school)' dn
++ ldif=
++ grep -q '^dn: '
++ echo ucsbackup
+ s4connector_dc=ucsbackup