Univention Bugzilla – Bug 42022
binddn for user $DCACCOUNT not found
Last modified: 2018-11-13 15:11:00 CET
We received the feedback that the initial setup failed with the message:
Domain setup (this might take a while): binddn for user EvosysAdmin not found.
Version: 4.1-3 errata234 (Vahr)
Remark: Trying to join second UCS Server as member server into existing UCS domain
management/univention-join/univention-join:485:
failed_message "binddn for user $DCACCOUNT not found. "
We could enhance the message and make further checks before starting the system setup.
Reported again, 4.1-3 errata282 (Vahr)
Reported again, 4.1-3 errata282 (Vahr) Remark: A perfectly normal installation, for the umpteenth time, with the same problems when adding a backup domain controller. The Administrator account is damaged/changed after the AD connection (already on the domain master). In the web console only every third login works. The AD sync fails with access violations as soon as it is needed for a join. The system is unusable afterwards. For a week, including several nights, I have been searching in vain for a workaround. Endlessly frustrating. DN (****.com) and Windows domain (Entwickler) are different in my setup (and I set it correctly beforehand via F3: ucr set windows/domain="ENTWICKER").
Reported again, 4.1-4 errata324 (Vahr)
Reported again, 4.1-3 errata350 (Vahr) Remark: adding a domain slave to my ucs-network
Version: 4.2-0 errata15 (Lesum)
Reported again, 4.2-1 errata52 (Lesum) Role: domaincontroller_backup
Version: 4.2-1 errata122 (Lesum) Remark: Always the same error, because you reset the read permissions of machine.secret with every update!!!!
I think as a solution we can search for the binddn of the user before starting the join process. If it's not available we can deny the further configuration.
Reported again: Version: 4.2-2 errata231 (Lesum) Domain setup (this might take a while): binddn for user Administrator not found.
Reported again: Version: 4.3-0 errata0 (Neustadt)
(In reply to Johannes Keiser from comment #10)
> Reported again: Version: 4.3-0 errata0 (Neustadt)
Remark: Fresh install of a UCS DC backup, UCS DC master is member of AD domain
Reported again: Version: 4.2-3 errata321 (Lesum)
Remark: I am not able to join my existing domain. With the owncloud appliance, there was no issue. test123 is a test domain admin I've created just to check if it's a problem with the user.
Domain setup (this might take a while): binddn for user test123 not found.
How can this bug be reproduced? When entering invalid credentials for the domain administrator in the system setup I will be prompted to enter the correct ones. I did also go through an installation in AD-Member mode and did not encounter any problems.
Since I couldn't reproduce the problem I've just added an additional check to the system setup. It runs univention-join with a newly added -checkPrerequisites parameter, to see if there are any problems. The check is run when clicking "Next" on the "Domain join information" page. Since more of such checks will follow I have refactored the code a bit in the process.
univention-system-setup (11.0.5-5)
38f83e9ef2d5 | Bug #42022: Merge branch 'rulmer/42022' into 4.3-1
886dc6624ecd | Bug #42022: Add changelog entry for univention-system-setup
8a407009cf7e | Bug #42022: Cleanup
1de1faf3d909 | Bug #42022: Also test if univention-join will work in system setup
univention-system-setup.yaml
a788f2053fb3 | Bug #42022: Update yaml file
univention-join (10.0.0-16)
38f83e9ef2d5 | Bug #42022: Merge branch 'rulmer/42022' into 4.3-1
9d2733a2fbc7 | Bug #42022: Add changelog entry for univention-join
d0639114a962 | Bug #42022: Add -checkPrerequisites mode for univention-join
univention-join.yaml
63529a211e8a | Bug #42022: Update yaml file
The package version in univention-join.yaml has not been updated.
Thanks for the heads-up.
univention-join.yaml
b754411987 | Bug #42022: Update version in univention-join.yaml file
Created attachment 9594
bug42022_qa.patch
QA feedback:
* The errors reported in the CHECK_RUN phase of univention-join are not written to join.log but only to stdout. The attached patch would fix both: a) log to join.log too and b) display the error message. If you are installing from a DVD it's pretty hard for the user to retrieve the join.log from that system (e.g. no ssh yet).
* The translation for the new UMC_Errormessage is missing.
* The attached patch additionally adds another binddn search via GSSAPI that could help avoid the issue reported on this bug itself: Currently, in case the udm search fails, we only fall back to ldapsearch via LDAPI, which only works for root, and finally anonymous LDAP search, which is disabled by default. Neither is likely to succeed. The GSSAPI search may also fail, but it's at least something that could possibly work for users != root.
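The binddn lookup chain described in the comment above (GSSAPI, LDAPI, anonymous), as an added shell example that is not code from univention-join or from the attached patch. The order of the attempts, the `LDAP_URI` and `LDAP_BASE` values and all function names are assumptions for illustration, and the initial udm search is left out. The account name is validated first so it cannot alter the LDAP filter.

```shell
#!/bin/sh
# Added example: pre-join binddn lookup with fallbacks (not univention-join's code).
# LDAP_URI and LDAP_BASE are hypothetical placeholder values.
LDAP_URI="${LDAP_URI:-ldap://master.example.test:7389}"
LDAP_BASE="${LDAP_BASE:-dc=example,dc=test}"

# Print the first DN found in LDIF on stdin; "dn::" marks a base64-encoded DN.
first_dn() {
    while IFS= read -r line; do
        case "$line" in
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo; return 0 ;;
            "dn: "*)  printf '%s\n' "${line#dn: }"; return 0 ;;
        esac
    done
    return 1
}

# Run one search; arguments after the account name are ldapsearch bind options.
try_search() {
    account="$1"; shift
    ldapsearch -LLL -o ldif-wrap=no "$@" -b "$LDAP_BASE" "(uid=$account)" dn \
        2>/dev/null | first_dn
}

# Print the binddn for an account, or fail with a reason on stderr.
# Exit codes: 0 found, 1 not found by any method, 2 rejected account name.
find_binddn() {
    account="$1"
    # Reject empty names and anything that could change the search filter.
    case "$account" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid account name" >&2; return 2 ;;
    esac
    # GSSAPI: needs a Kerberos ticket, but can work for users other than root.
    try_search "$account" -Q -Y GSSAPI -H "$LDAP_URI" && return 0
    # LDAPI with SASL EXTERNAL: only works for root on the LDAP server itself.
    try_search "$account" -Q -Y EXTERNAL -H ldapi:/// && return 0
    # Anonymous simple bind: disabled by default according to the comment above.
    try_search "$account" -x -H "$LDAP_URI" && return 0
    echo "binddn for user $account not found" >&2
    return 1
}
```

Run as a prerequisite check, a non-zero exit from `find_binddn` stops the setup before any join step has changed the system.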
The changes in the patch look reasonable to me and all altered commands work, so I applied the patch. The missing translation has also been added.
univention-system-setup.yaml
e417790c083e | Bug #42022: Update yaml file
univention-system-setup (11.0.5-7)
844d790374bf | Bug #42022: Merge branch 'rulmer/42022' into 4.3-1
d683e33c46e6 | Bug #42022: Add changelog entry
f04d1d0c88a0 | Bug #42022: Add translation
b64d0b6eb9d2 | Bug #42022: Apply patch from QA
This breaks the install tests (samba-env, slave installation). Installation of a new slave system fails with univention-join -checkPrerequisites reported a problem. The OpenLDAP extension memberOf is activated on the UCS master (UCR variable ldap/overlay/memberof is true). In order to join this system successfully see http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-1/job/Installation%20Tests/mode=samba-env/ws/screenshots/error.png
I fixed the problem mentioned in comment #19.
univention-join (10.0.0-17)
b806a39beccf | Bug #42022: Fix test in -checkPrerequisites mode of univention-join
univention-join.yaml
0e095ad7ac4b | Bug #42022: Update yaml file
Ok, package update and join worked, even when I temporarily break /usr/sbin/udm on the master.
Reported again: Version: 4.3-1 errata157 (Neustadt) Domain setup (this might take a while): Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- binddn for user Administrator not found. Role: domaincontroller_backup
<http://errata.software-univention.de/ucs/4.3/214.html> <http://errata.software-univention.de/ucs/4.3/216.html>