Univention Bugzilla – Bug 48475
duplicate MAC prevents successful join
Last modified: 2019-04-15 17:11:31 CEST
The join fails with Message "E: failed to create DC Slave (1) [E: Object exists: (mac) aa:bb:cc:dd:ee:ff]" but there is no entry in OpenLDAP that is related to the Slave (Hostname nor MAC) ============================================================ Tue Jan 15 12:41:34 CET 2019: starting /usr/sbin/univention-join -dcname srv10.schule.stadt.intranet -dcaccount Administrator -dcpwd /tmp/tmp4bBISx running version check OK: UCS version on srv10.schule.stadt.intranet is higher or equal (4.33) to the local version (4.33). Stopping slapd (via systemctl): slapd.service. Starting slapd (via systemctl): slapd.service. Tue Jan 15 12:41:46 CET 2019 univention-server-join: joins a server to an univention domain copyright (c) 2001-2018 Univention GmbH, Germany E: failed to create DC Slave (1) [E: Object exists: (mac) ac:1f:6b:77:6d:f6] ************************************************************************** * Join failed! * * Contact your system administrator * ************************************************************************** * Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- failed to create DC Slave (1) [E: Object exists: (mac) aa:bb:cc:dd:ee:ff] ************************************************************************** Tue Jan 15 12:41:48 CET 2019: finish /usr/sbin/univention-join ============================================================
The Environment is UCS 4.3-3 current erratum There are two interfaces with the same MAC address and it figures out that the udm command to create the object tries to add both mac addresses but fails. (see attachments) Here some additional info about the network: root@srv1:/usr/share/univention-join# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000 link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff 3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether aa:bb:cc:dd:00:11 brd ff:ff:ff:ff:ff:ff 4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff inet 172.23.255.253/24 brd 172.23.255.255 scope global br0 valid_lft forever preferred_lft forever inet6 fe80::ae1f:6bff:fe77:6df6/64 scope link valid_lft forever preferred_lft forever 5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:f2:f5:52:70 brd ff:ff:ff:ff:ff:ff inet 172.17.42.1/16 scope global docker0 valid_lft forever preferred_lft forever 6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000 link/ether fa:fb:fc:fd:fe:ff brd ff:ff:ff:ff:ff:ff inet6 fe80::fc54:ff:fe41:d6c2/64 scope link valid_lft forever preferred_lft forever root@srv1:/usr/share/univention-join# brctl show bridge name bridge id STP enabled interfaces br0 8000.aabbccddeeff no eno1 vnet0 docker0 8000.0242f2f55270 no
A Workaround might be to find the udm command in the log, edit it by removing duplicate mac addresses and execute it manually. If the host object is successfully created the next 'univention-join' will be successful.
The problem is that univention-join tries to add mac addresses of network bridges to the computer object. These are the same as the macs of the master interfaces, and therefore udm failes to create the object. The fix is to make univention-join only append mac addresses of "real" interfaces to the computer objects. I fixed it in git branch jahlers/48475-join-duplicate-macs.
(In reply to Jannik Ahlers from comment #4) > I fixed it in git branch jahlers/48475-join-duplicate-macs. That patch is wrong: > mac_addr="$(LC_ALL=C ip link show | grep -A 1 "eth[0-9]" | ... you MUST NOT assume that real interfaces are names "eth*"; that was true a long time ago in Linux but with persistent naming they are named "en*" ow "wl*" or whatever you configure. See <https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/> $ find /sys/class/net/* -not -lname ../../devices/virtual/\* -exec cat {}/address \; See <https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-net> for more details about /sys/class/net/<iface>/
(In reply to Philipp Hahn from comment #5) > (In reply to Jannik Ahlers from comment #4) > > I fixed it in git branch jahlers/48475-join-duplicate-macs. > > That patch is wrong: > > mac_addr="$(LC_ALL=C ip link show | grep -A 1 "eth[0-9]" | ... > > you MUST NOT assume that real interfaces are names "eth*"; that was true a > long time ago in Linux but with persistent naming they are named "en*" ow > "wl*" or whatever you configure. See > <https://www.freedesktop.org/wiki/Software/systemd/ > PredictableNetworkInterfaceNames/> > > $ find /sys/class/net/* -not -lname ../../devices/virtual/\* -exec cat > {}/address \; > > See <https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-net> > for more details about /sys/class/net/<iface>/ Thanks for the tip. I was desperate to find a better solution yesterday, but I didn't come up with anything. I pushed the new command to the branch.
To reliably reproduce the bug, you will have to add multiple network interfaces to your VM and add some bridges to them. 4.3-3: 25393bc Bug #48475: yaml 2fd2a57 Bug #48475: debian changelog a7725f8 Bug #48475: Merge branch 'jahlers/48475-join-duplicate-macs' into 4.3-3 3f46bb5 Bug #48475: use philipps better command to find real network interfaces 7102175 Bug #48475: make univention-join create computer objects with real network interfaces only Successful build Package: univention-join Version: 10.0.0-32A~4.3.0.201902221045 Branch: ucs_4.3-0 Scope: errata4.3-3 4.4: beb2b38 Bug #48475: debian changelog 2186555 Bug #48475: use philipps better command to find real network interfaces 91a51b4 Bug #48475: make univention-join create computer objects with real network interfaces only Successful build Package: univention-join Version: 11.0.1-11A~4.4.0.201902221049 Branch: ucs_4.4-0
Looks good :) Join works (with multiple bridges) -> OK Only mac from physical interfaces is added -> OK 4.4 merge -> OK Small yaml change: [4.3-3 8e09fed05e] Bug #48475: yaml -> verified
<http://errata.software-univention.de/ucs/4.3/449.html>