Mahlzeit,
UCS Master mit 4.1-1 errata152 installiert, läuft sauber. Tut genau das, was er soll.
In der DMZ den Slave installiert mit 4.1-0 errata149
Hinweis: “Version 4.1 is available but cannot be installed. Component ‘jenkins_20160303’ is not yet available for newer release versions.”
Firewallports richtung Master sind geöffnet: 22,37,389,7389,6669,636
Dann sollte ja der Slave auch mal joinen (in der UCM übrigens das gleiche Ergebnis):
/usr/sbin/univention-join
Ergebnis:
— snip —
univention-join: joins a computer to an ucs domain
copyright © 2001-2016 Univention GmbH, Germany
Enter DC Master Account : Administrator
Enter DC Master Password:
Search DC Master: done
Check DC Master: done
Stop LDAP Server: done
Search ldap/base done
Start LDAP Server: done
Search LDAP binddn done
Sync time: done
Join Computer Account: done
Stopping univention-directory-listener daemon: done
Sync ldap-backup.secret: done
Check TLS connection: done
Download host certificate: done
Restart LDAP Server: done
Sync Kerberos settings: done
Not updating kerberos/adminserver
Configure 01univention-ldap-server-init.inst done
Configure 03univention-directory-listener.inst done
- Join failed! *
- Contact your system administrator *
- Message: FAILED: failed.ldif exists.
— snap —
Die Tipps mit dem"failed.ldif" aus sdb.univention.de/content/14/292 … found.html
bin ich durch.
Also join.log anschauen:
— snip —
return func(self,*args,**kwargs)
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {‘desc’: ‘Invalid credentials’}
21.04.16 08:36:56.164 LISTENER ( WARN ) : handler: quota (failed)
UNIVENTION_DEBUG_BEGIN : uldap.__open host=corny.foobar.de port=7389 base=dc=foobar,dc=de
UNIVENTION_DEBUG_END : uldap.__open host=corny.foobar.de port=7389 base=dc=foobar,dc=de
Traceback (most recent call last):
File “/usr/lib/univention-directory-listener/system/quota.py”, line 213, in handler
if _is_container_change_relevant(new, old):
File “/usr/lib/univention-directory-listener/system/quota.py”, line 139, in _is_container_change_relevant
lo = _get_ldap_connection()
File “/usr/lib/univention-directory-listener/system/quota.py”, line 116, in _get_ldap_connection
connection = univention.uldap.getMachineConnection(ldap_master=False)
File “/usr/lib/pymodules/python2.7/univention/uldap.py”, line 106, in getMachineConnection
lo=access(host=ucr[‘ldap/server/name’], port=port, base=ucr[‘ldap/base’], binddn=ucr[‘ldap/hostdn’], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
File “/usr/lib/pymodules/python2.7/univention/uldap.py”, line 177, in init
self.__open(ca_certfile)
File “/usr/lib/pymodules/python2.7/univention/uldap.py”, line 219, in __open
self.lo.simple_bind_s(self.binddn, self.__encode_pwd(self.bindpw))
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 879, in simple_bind_s
res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 860, in _apply_method_s
return func(self,*args,**kwargs)
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 215, in simple_bind_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 483, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File “/usr/lib/python2.7/dist-packages/ldap/ldapobject.py”, line 106, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {‘desc’: ‘Invalid credentials’}
— snap —
Falsche Credentials. Aber WO? Der Rest hat ja gefunzt.
Gerne einen Tipp.
André