42425 – ssh-login for ${DCACCOUNT}@${DCNAME} failed. Maybe you entered a wrong password.

Bug 42425 - ssh-login for ${DCACCOUNT}@${DCNAME} failed. Maybe you entered a wrong password.

Summary: ssh-login for ${DCACCOUNT}@${DCNAME} failed. Maybe you entered a wrong password.

Status:	CLOSED FIXED

Alias:	None

Product:	UCS
Classification:	Unclassified
Component:	Join (univention-join)
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 normal
Target Milestone:	UCS 4.2-1-errata
Assignee:	Felix Botner
QA Contact:	Arvid Requate

URL:
Keywords:

Depends on:
Blocks:	45514
	Show dependency tree / graph

Reported:	2016-09-16 10:15 CEST by Florian Best
Modified:	2017-10-12 20:07 CEST (History)
CC List:	1 user (show)

See Also:	42020 43006
What kind of report is it?:	Bug Report
What type of bug is this?:	6: Setup Problem: Issue for the setup process
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.309
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2016102721000059, 2016112421000535, 2016112821000359, 2016120921000115, 2017041121000839, 2017041721000417, 2017022721000652, 2017050121000034, 2017051521000099, 2017052621000103, 2017062121000512, 2017062621001084, 2017062621001173, 2017071021000201
Bug group (optional):	Error handling, External feedback
Customer ID:
Max CVSS v3 score:

Attachments
bug42425-qa.patch (1.69 KB, patch) 2017-08-28 21:25 CEST, Arvid Requate	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2016-09-16 10:15:21 CEST

Version: 4.1-3 errata268 (Vahr)

We received the following feedback:
Domäneneinrichtung (Dies kann einige Zeit dauern): ssh-login for Administrator@ac001c01.deac.****** failed. Maybe you entered a wrong password.

We should check this prior to starting the setup wizard.

Comment 1 Florian Best

2016-10-28 12:12:51 CEST

Reported again, 4.1-3 errata318 (Vahr)

Comment 2 Florian Best

2016-12-09 17:19:40 CET

Version: 4.1-4 errata332 (Vahr)

Remark: Attempting to deploy new UCS server to existing AD domain failed

Domain setup (this might take a while): ssh-login for Administrator@ad2.*****.local failed. Maybe you entered a wrong password.

Comment 3 Florian Best

2016-12-09 17:21:33 CET

Version: 4.1-4 errata332 (Vahr)

Remark: Fehler tritt bei DHCP und bei statischer IP auf.
Server ist definitiv erreichbar (Win 2012, AD 2012).
AD-Anmeldekonto ist Dom-Admin, Kennwort ist korrekt.

Domäneneinrichtung (Dies kann einige Zeit dauern): ssh-login for ******@ss2-dc4.*********.de failed. Maybe you entered a wrong password.

Comment 4 Florian Best

2016-12-09 17:30:26 CET

Reported again, 4.1-4 errata353 (Vahr)

Remark: normale installation als dc slave auf VMware-vorlage "anderes Linux 64bit"; keine auswahl von AD Paketen möglich, dann SSH login versuch mit meinem AD-Account
(Administrator) ???

Domäneneinrichtung (Dies kann einige Zeit dauern): ssh-login for *******@ucs.******.local failed. Maybe you entered a wrong password.

Comment 5 Florian Best

2017-04-18 11:57:06 CEST

Version: 4.2-0 errata0 (Lesum)

Comment 6 Florian Best

2017-04-18 11:58:24 CEST

Version: 4.2-0 errata1 (Lesum)

Comment 7 Florian Best

2017-04-21 11:46:43 CEST

Version: 4.1-4 errata404 (Vahr)

Comment 9 Florian Best

2017-05-05 15:25:42 CEST

The reporter did the installation + report twice, therefore I increase the user pain.

Comment 10 Florian Best

2017-05-16 13:05:26 CEST

Version: 4.2-0 errata15 (Lesum)

Comment 11 Florian Best

2017-05-30 10:48:26 CEST

Reported again, 4.2-0 errata25 (Lesum)

Comment 12 Florian Best

2017-06-23 17:23:44 CEST

Reported again, 4.1-4 errata429 (Vahr)

Comment 13 Florian Best

2017-06-27 10:12:40 CEST

Reported again, 4.2-1 errata52 (Lesum)

Comment 14 Florian Best

2017-06-27 10:13:26 CEST

Reported again, 4.2-1 errata52 (Lesum)

Comment 15 Stefan Gohmann

2017-06-28 06:50:15 CEST

Mark all bugs with a user pain > 0.3 as errata bugs.

Comment 16 Florian Best

2017-07-14 13:58:52 CEST

Reported again, 4.2-1 errata52 (Lesum)

Comment 17 Florian Best

2017-08-15 09:09:27 CEST

Reported again, 4.2-1 errata131 (Lesum)
#2017081021000182

Comment 18 Felix Botner

2017-08-23 14:04:58 CEST

(In reply to Florian Best from comment #0)
> Version: 4.1-3 errata268 (Vahr)
> 
> We received the following feedback:
> Domäneneinrichtung (Dies kann einige Zeit dauern): ssh-login for
> Administrator@ac001c01.deac.****** failed. Maybe you entered a wrong
> password.
> 
> We should check this prior to starting the setup wizard.

ApplianceWizard.js already checks this. 

univention-join now prints the univention-ssh output in case the connections fails and some more info ...


**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message:  The ssh-login to Administrator@master.w2k12.test failed with "Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).". Please make sure the account Administrator is a member of the Domain Admins group!
**************************************************************************

i don't know what else to do here

univention-join r82429 errata4.2-1

Comment 19 Florian Best

2017-08-24 13:38:57 CEST

Version: 4.2-1 errata52 (Lesum)

Remark: Hallo.
Evtl. können Sie mir hierzu Hilfestellung geben. Das Passwort ist definitiv richtig.

2017082421000512

Comment 20 Arvid Requate

2017-08-28 21:25:07 CEST

Created attachment 9149 [details]
bug42425-qa.patch

sed doesn't deal with multiline that way, maybe just use bash variable operations as shown in the attached patch. Quoting is not required for 'foo=$(cmd)' and the more readable without.

Comment 21 Felix Botner

2017-08-29 16:12:07 CEST

(In reply to Arvid Requate from comment #20)
> Created attachment 9149 [details]
> bug42425-qa.patch
> 
> sed doesn't deal with multiline that way, maybe just use bash variable
> operations as shown in the attached patch. Quoting is not required for
> 'foo=$(cmd)' and the more readable without.

-> ping_out="$(ping -q -c 3 "10.200.7.88" 2>&1)"
-> echo "$ping_out" 
PING 10.200.7.88 (10.200.7.88) 56(84) bytes of data.

--- 10.200.7.88 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2053ms
pipe 3

-> ping_out="$(echo $ping_out | sed -e 's/[\r\n]//g')"
-> echo "$ping_out"
PING 10.200.7.88 (10.200.7.88) 56(84) bytes of data. --- 10.200.7.88 ping statistics --- 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2053ms pipe 3

Comment 22 Felix Botner

2017-08-29 16:37:14 CEST

(In reply to Arvid Requate from comment #20)
> Created attachment 9149 [details]
> bug42425-qa.patch
> 
> sed doesn't deal with multiline that way, maybe just use bash variable
> operations as shown in the attached patch. Quoting is not required for
> 'foo=$(cmd)' and the more readable without.

yep, your are right, the echo $ping_out removed the newlines, not sed

changed now to echo "$.._out" | tr '\n' ' ' | tr '\r' ' '

univention-join r82520
errata4.2-1

Comment 23 Arvid Requate

2017-08-29 18:35:18 CEST

Ok, my patch suggested to fix the sed expression in

 cat /etc/resolv.conf | sed -ne 's/nameserver //p'

too: the sed not anchored and and it expects resolv.conf to have a single space training "nameserver" for all future times and not a tab.

Btw: tr '\n\r' ' ' should also work according to the manpage.

Works:

Without DNS:

**************************************************************************
* Message:  The UCS master server's name "foobar.ar41i1.qa" is unknown to the DNS servers (dns servers:  10.200.8.11 10.200.8.10, nslookup: Server:             10.200.8.11 Address:   10.200.8.11#53  ** server can't find foobar.ar41i1.qa: NXDOMAIN ).
**************************************************************************

and without network:

**************************************************************************
* Message:  The UCS master server "master10.ar41i1.qa" is not reachable, ping failed (ping ipv4: PING master10.ar41i1.qa (10.200.8.10) 56(84) bytes of data.  --- master10.ar41i1.qa ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2046ms , ping ipv6: unknown host ).
**************************************************************************

Comment 24 Arvid Requate

2017-08-30 16:29:37 CEST

<http://errata.software-univention.de/ucs/4.2/149.html>