Univention Bugzilla – Full Text Bug Listing |
Summary: | (Re-)join of DC Backup fails if S4 is not installed on DC Master | ||
---|---|---|---|
Product: | UCS | Reporter: | Philipp Hahn <hahn> |
Component: | Samba4 | Assignee: | Stefan Gohmann <gohmann> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P5 | CC: | botner, gohmann, michelsmidt, requate, thorp-hansen |
Version: | UCS 4.0 | ||
Target Milestone: | UCS 4.1-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 3: Simply Wrong: The implementation doesn't match the docu |
Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
User Pain: | 0.103 | Enterprise Customer affected?: | Yes |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | 2016062721000076 | Bug group (optional): | Workaround is available |
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 44885 |
Description
Philipp Hahn
2015-08-21 12:51:45 CEST
happened again at Ticket#2016062721000076 - I try to reproduce it in a testing environment and update the bug with the environment for reference verified in test environment master: .42.176 backup: .42.174 - fresh install both servers - install S4 on backup - root@ucs-5241:~# univention-join -verbose Configure 96univention-samba4.inst failed ************************************************************************** * Join failed! * * Contact your system administrator * ************************************************************************** * Message: FAILED: 96univention-samba4.inst ************************************************************************** root@ucs-5241:~# join log -verbose (abridged) ... ... ... distinguishedName: CN=RID Set,CN=UCS-5241,OU=Domain Controllers,DC=acheron,DC=intranet # returned 1 records # 1 entries # 0 referrals' ++ sed -n 's/^rIDAllocationPool: //p' + old_rIDAllocationPool=1100-1599 ++ sed -n 's/^rIDPreviousAllocationPool: //p' + old_rIDPreviousAllocationPool=1100-1599 ++ sed -n 's/^rIDNextRID: //p' + old_rIDNextRID=1110 + mv /var/lib/samba /var/lib/samba_backup_20160628135620 + rsync -a --exclude '/private/*' /var/lib/samba_backup_20160628135620/ /var/lib/samba + samba_domain_join --keep-existing + local success + local samba_join_options + samba_join_options=("${@}") + samba_join_options+=(--kerberos=no) + samba_join_options+=(-U"$dcaccount"%"$bindpwd") + samba_join_options+=(--realm="$kerberos_realm") + samba_join_options+=(--machinepass="$(cat /etc/machine.secret)") ++ cat /etc/machine.secret + '[' -n '' ']' + univention-config-registry set 'windows/wins-support?no' Not updating windows/wins-support + '[' -n '' ']' + samba-tool domain info acheron.intranet ERROR: Invalid IP address 'acheron.intranet'! + '[' -z '' ']' + cn=($(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret "(&(univentionService=Samba 4)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p' )) ++ sed -n 's/^cn: \(.*\)/\1/p' ++ ldapsearch-wrapper ++ ldapsearch -x -ZZ -LLL -D cn=ucs-5241,cn=dc,cn=computers,dc=acheron,dc=intranet -y /etc/machine.secret '(&(univentionService=Samba 4)(objectClass=univentionDomainController))' cn + for name in '"${cn[@]}"' + samba-tool domain info ucs-5241.acheron.intranet ERROR: Invalid IP address 'ucs-5241.acheron.intranet'! + '[' -z '' ']' + echo 'Failed to join the domain.' Failed to join the domain. + exit 1 + '[' 1 -ne 0 ']' + echo -e '\033[60Gfailed' ++ basename /usr/lib/univention-install/96univention-samba4.inst + failed_message 'FAILED: 96univention-samba4.inst' + echo '' + echo '' + echo '**************************************************************************' + echo '* Join failed! *' + echo '* Contact your system administrator *' + echo '**************************************************************************' + echo '* Message: FAILED: 96univention-samba4.inst' + echo '**************************************************************************' + exit 1 + trapOnExit + rm -rf /tmp/tmp.TGaQBdAP0A + '[' -n true -a true = true ']' + '[' -n 2 ']' + ucr set listener/debug/level=2 Setting listener/debug/level File: /etc/runit/univention-directory-listener/run ++ LC_ALL=C ++ date + echo 'Tue Jun 28 13:56:22 CEST 2016: finish /usr/sbin/univention-join' Tue Jun 28 13:56:22 CEST 2016: finish /usr/sbin/univention-join Workaround: remove the univentionService: Samba 4 attribute from the backup. Fix: 96univention-samba4.inst +850 ## check if we there already is a **domaincontroller** providing the service "Samba 4" samba4servicedcs=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ "(&(univentionService=${NAME})(objectClass=univentionDomainController))" cn \ | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') ## currently there is no u-d-m module computers/dc This also finds the currently rejoining server. The join script than executes a domain join instead of a fresh samba provisioning. We have to ignore the join system in this ldap search: ## check if we there already is a **domaincontroller** providing the service "Samba 4" samba4servicedcs=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ - "(&(univentionService=${NAME})(objectClass=univentionDomainController))" cn \ + "(&(univentionService=${NAME})(objectClass=univentionDomainController)(!(cn=$(hostname))))" cn \ | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') ## currently there is no u-d-m module computers/dc I guess setting samba4/provision/secondary=yes in UCR would also work around this. I've added a check if the local system is the S4 Connector system. In this case the system is re-configured as first Samba 4 DC and all other Samba 4 DCs need to be rejoined again: r73151 I'll give our Jenkins environments a first test run. (In reply to Stefan Gohmann from comment #5) > I've added a check if the local system is the S4 Connector system. In this > case the system is re-configured as first Samba 4 DC and all other Samba 4 > DCs need to be rejoined again: r73151 > > I'll give our Jenkins environments a first test run. Looks good. I've also tested manual installations and rejoins. Verified: * Patch ok and merged to UCS 4.2 * Rejoin works * Advisory: Ok |