Univention Bugzilla – Bug 39068
Join hangs because of upper/lowercase mismatch
Last modified: 2017-01-20 11:40:32 CET
I'm not sure if this is "only" a univention-ssl-issue or more generic:

A technical training attendee created a UCS system (DC Slave) via the UMC. The hostname contained at least one uppercase letter (e.g. "ucs-Slave1"). The attendee then installed the DC Slave, but specified an all lowercase hostname (e.g. "ucs-slave1").

The rest of the installation went fine, and even the subsequent join started, but ran into a loop while trying to receive the host certificate. The path on the master was created with uppercase:

> /etc/univention/ssl/ucs-Slave1.example.org
> /etc/univention/ssl/ucs-Slave1

While the system was searching for:

> /etc/univention/ssl/ucs-slave1.example.org
> /etc/univention/ssl/ucs-slave1

I guess the join should not have started at all because of the case mismatch?
Might be caused by Bug #37816 ? We can do a "hostname = hostname.lower()" in the UMC backend of system-setup.
Ticket#2016090521000405
The Listener module uses the casing from LDAP, while the host tries to find the certificate using his writing.

4.1-4:
r74975 | Bug #39068 join: Strip root DNS zone
r74974 | Bug #39068 join: Use hostname from LDAP
r74973 | Bug #39068 join: Only used 1st entry

4.2-0:
r74983 | Bug #39068 join: Strip root DNS zone
r74982 | Bug #39068 join: Use hostname from LDAP
r74981 | Bug #39068 join: Only used 1st entry

YAML:
r74976 | Bug #39068,Bug #39179,Bug #42837: SSL

Package: univention-join
Version: 8.0.4-6.520.201612051533
Branch: ucs_4.1-0
Scope: errata4.1-4

QA:
ucr set hostname=$(ucr get hostname|tr '[:upper:][:lower:]' '[:lower:][:upper:]')
univention-join

FYI: If the casing of $domainname does not match, things go wrong very bad - not touched!
The join.log now throws the following error:

univention-server-join: joins a server to an univention domain
copyright (c) 2001-2016 Univention GmbH, Germany

ldap_dn="cn=slave094,cn=dc,cn=computers,dc=autotest094,dc=local"
Traceback (most recent call last):
  File "<stdin>", line 13, in <module>
IOError: [Errno 2] No such file or directory: '/etc/machine.secret'
Setting hostname

See here:
http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-4/job/AutotestJoin/SambaVersion=s3,Systemrolle=slave/ws/join.log

This is recognized by the test case 99check_log_files:
http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-4/job/AutotestJoin/SambaVersion=s3,Systemrolle=slave/lastCompletedBuild/testReport/00_checks/99check_log_files/test/

I guess these changes are responsible for the error.

One other comment while reading your comment:

(In reply to Philipp Hahn from comment #3)
> r74975 | Bug #39068 join: Strip root DNS zone

Does it have something to do with this bug? If not, please file a new bug and fix it through the new bug. If yes, I'm fine with it.
(In reply to Stefan Gohmann from comment #4)
> The join.log now throws the following error:
>
> univention-server-join: joins a server to an univention domain
> copyright (c) 2001-2016 Univention GmbH, Germany
>
> ldap_dn="cn=slave094,cn=dc,cn=computers,dc=autotest094,dc=local"
> Traceback (most recent call last):
>   File "<stdin>", line 13, in <module>
> IOError: [Errno 2] No such file or directory: '/etc/machine.secret'
> Setting hostname

This is triggered by
ucr set ldap/hostdn=...
while /etc/machine.secret does not yet exist. The culprit is
ucr commit /etc/postgresql/pam_ldap.conf

> I guess these changes are responsible for the error.

UCS-4.1-4:
r75074 | Bug #39068 join: Only update hostane and hosdn after /etc/machine.secret

YAML:
r75075 | Bug #39068 join: Only update hostane and hosdn after /etc/machine.secret YAML

UCS-4.2-0:
r75076 | Bug #39068 join: Only update hostane and hosdn after /etc/machine.secret

Package: univention-join
Version: 8.0.4-7.521.201612071726
Branch: ucs_4.1-0
Scope: errata4.1-4

> One other comment while reading your comment:
>
> (In reply to Philipp Hahn from comment #3)
> > r74975 | Bug #39068 join: Strip root DNS zone
>
> Does it have something to do with this bug? If not, please file a new bug
> and fix it through the new bug. If yes, I'm fine with it.

Found while testing my change: any decent UNIX tool understands how to handle an explicit trailing dot; UCS doesn't and breaks badly.
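
The casing and trailing-dot mismatches discussed in this thread, as an added example that is not part of the bug report and is not UCS code: a shell check that compares a requested host name against certificate directory names (such as those under /etc/univention/ssl on the master) and reports whether the lookup misses only because of case or an explicit root-zone dot. The function names and the temporary sample directory are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not UCS code): explain why a certificate lookup fails when the
# host name differs from the stored name only by case or a trailing root dot.

# Lowercase a DNS name and strip one trailing "." (the explicit root zone).
normalize_fqdn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# find_cert_dir SSL_DIR NAME prints one of:
#   "exact NAME"      a directory with exactly this spelling exists
#   "mismatch ENTRY"  ENTRY equals NAME only after normalization
#   "missing"         no directory matches at all
find_cert_dir() {
    fcd_dir=$1
    fcd_want=$2
    fcd_norm=$(normalize_fqdn "$fcd_want")
    fcd_near=
    for fcd_path in "$fcd_dir"/*; do
        [ -d "$fcd_path" ] || continue
        fcd_entry=${fcd_path##*/}
        if [ "$fcd_entry" = "$fcd_want" ]; then
            printf 'exact %s\n' "$fcd_entry"
            return 0
        fi
        if [ -z "$fcd_near" ] && [ "$(normalize_fqdn "$fcd_entry")" = "$fcd_norm" ]; then
            fcd_near=$fcd_entry
        fi
    done
    if [ -n "$fcd_near" ]; then
        printf 'mismatch %s\n' "$fcd_near"
    else
        printf 'missing\n'
    fi
}

# Constructed sample: the directory layout from the report, in a temp dir.
demo() {
    demo_dir=$(mktemp -d)
    mkdir "$demo_dir/ucs-Slave1.example.org" "$demo_dir/ucs-Slave1"
    for demo_name in ucs-Slave1.example.org ucs-slave1.example.org ucs-slave1.example.org.; do
        printf '%s -> %s\n' "$demo_name" "$(find_cert_dir "$demo_dir" "$demo_name")"
    done
    rm -rf "$demo_dir"
}
demo
```

A "mismatch" result is the situation from the original report: the certificate exists, but under the spelling stored in LDAP rather than the one the joining host uses.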
OK - normal join (no computer object in ldap)
OK - join "backup" with object BackUP present -> hostname BackUP
OK - join BACKUP with object backup present -> hostname backup
OK - code
OK - YAML
OK - merged to 4.2-0

I removed 3 from the yaml version (4.1-3 is no longer maintained)
<http://errata.software-univention.de/ucs/4.1/362.html>