servus,
ich habe das gleiche pbl. in meiner testumgebung konnte mein slave der domain nicht mehr beitreten.
beide neu installiert, selbes pbl.
[code]# univention-join -dcname ucs.dei.privat -dcaccount Administrator -dcpwd /tmp/pw -verbose -type domaincontroller_slave
e
univention-join: joins a computer to an ucs domain
copyright © 2001-2016 Univention GmbH, Germany
Check DC Master: done
Stop LDAP Server: done
Search ldap/base done
Start LDAP Server: done
Search LDAP binddn done
Sync time: done
Join Computer Account: done
Stopping univention-directory-notifier daemon: done
Stopping univention-directory-listener daemon: done
Sync ldap-backup.secret: done
Check TLS connection: done
Download host certificate: done
Restart LDAP Server: done
Sync Kerberos settings: done
Not updating kerberos/adminserver
Configure 01univention-ldap-server-init.inst done
Configure 02univention-directory-notifier.inst done
Configure 03univention-directory-listener.inst failed
- Join failed! *
- Contact your system administrator *
- Message: FAILED: 03univention-directory-listener.inst
[/code]
listener fails weil slapd nicht läuft.
im join.log kommt vor und nach der neuinstallation folgender fehler:
# tail -n 100 /var/log/univention/join.log
(/usr/lib/univention-install/03univention-directory-listener.inst:69):
univention-config-registry set ldap/database/ldbm/dbsync=10
Setting ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
((/usr/lib/univention-install/03univention-directory-listener.inst:71):
echo
((/usr/lib/univention-install/03univention-directory-listener.inst:71):
tr A-Z a-z
(/usr/lib/univention-install/03univention-directory-listener.inst:71):
'[' '' = gssapi ']'
(/usr/lib/univention-install/03univention-directory-listener.inst:74):
options='-o -x'
(/usr/lib/univention-install/03univention-directory-listener.inst:77):
debugLevel=1
(/usr/lib/univention-install/03univention-directory-listener.inst:78):
'[' -n 4 ']'
(/usr/lib/univention-install/03univention-directory-listener.inst:79):
debugLevel=4
(/usr/lib/univention-install/03univention-directory-listener.inst:81):
options='-o -x -ZZ -d 4'
(/usr/lib/univention-install/03univention-directory-listener.inst:83):
options='-o -x -ZZ -d 4 -i -h ucs.dei.privat -b dc=dei,dc=privat -m /usr/lib/univention-directory-listener/system -c /var/lib/univention-directory-listener'
(/usr/lib/univention-install/03univention-directory-listener.inst:85):
'[' -n domaincontroller_backup ']'
(/usr/lib/univention-install/03univention-directory-listener.inst:86):
'[' domaincontroller_backup = domaincontroller_master -o domaincontroller_backup = domaincontroller_backup ']'
(/usr/lib/univention-install/03univention-directory-listener.inst:87):
/usr/sbin/univention-directory-listener -o -x -ZZ -d 4 -i -h ucs.dei.privat -b dc=dei,dc=privat -m /usr/lib/univention-directory-listener/system -c /var/lib/univention-directory-listener -D cn=admin,dc=dei,dc=privat -y /etc/ldap.secret
22.09.16 13:34:58.013 DEBUG_INIT
22.09.16 13:34:58.013 LISTENER ( INFO ) : purging cache
22.09.16 13:34:58.013 LDAP ( INFO ) : connecting to ldap://ucs.dei.privat:7389/
22.09.16 13:35:00.037 LDAP ( INFO ) : simple_bind as cn=admin,dc=dei,dc=privat
22.09.16 13:35:00.039 LDAP ( ERROR ) : ldap_simple_bind: Operations error
22.09.16 13:35:00.040 LISTENER ( WARN ) : can not connect to LDAP server ucs.dei.privat:7389
22.09.16 13:35:00.040 LISTENER ( ERROR ) : can not connect any server, exit
(/usr/lib/univention-install/03univention-directory-listener.inst:95):
exit_status=1
(/usr/lib/univention-install/03univention-directory-listener.inst:97):
univention-config-registry set ldap/database/ldbm/dbsync=
Setting ldap/database/ldbm/dbsync
Multifile: /etc/ldap/slapd.conf
(/usr/lib/univention-install/03univention-directory-listener.inst:100):
sleep 15
(/usr/lib/univention-install/03univention-directory-listener.inst:102):
'[' -f /etc/init.d/slapd ']'
(/usr/lib/univention-install/03univention-directory-listener.inst:104):
/etc/init.d/slapd restart
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Starting ldap server(s): slapd ...failed.
57e3c1f3 /etc/ldap/slapd.conf: line 164: unknown attr "@univentionVirtualMachine" in to clause 57e3c1f3 <access clause> ::= access to <what> [ by <who> [ <access> ] [ <control> ] ]+ <what> ::= * | dn[.<dnstyle>=<DN>] [filter=<filter>] [attrs=<attrspec>] <attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist> <attrlist> ::= <attr> [ , <attrlist> ] <attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children <who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ] [ realanonymous | realusers | realself | realdn[.<dnstyle>]=<DN> ] [dnattr=<attrname>] [realdnattr=<attrname>] [group[/<objectclass>[/<attrname>]][.<style>]=<group>] [peername[.<peernamestyle>]=<peer>] [sockname[.<style>]=<name>] [domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>] [dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]] [ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>] <style> ::= exact | regex | base(Object) <dnstyle> ::= base(Object) | one(level) | sub(tree) | children | exact | regex <attrstyle> ::= exact | regex | base(Object) | one(level) | sub(tree) | children <peernamestyle> ::= exact | regex | ip | ipv6 | path <domainstyle> ::= exact | regex | base(Object) | sub(tree) <access> ::= [[real]self]{<level>|<priv>} <level> ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage <priv> ::= {=|+|-}{0|d|x|c|s|r|{w|a|z}|m}+ <control> ::= [ stop | continue | break ] dynacl: <name>=ACI <pattern>=<attrname> slapschema: bad configuration file!.
(/usr/lib/univention-install/03univention-directory-listener.inst:107):
'[' 1 '!=' 0 ']'
(/usr/lib/univention-install/03univention-directory-listener.inst:108):
exit 1
(/usr/sbin/univention-join:168): run_join_scripts
'[' 1 -ne 0 ']'
(/usr/sbin/univention-join:169): run_join_scripts
echo -e '\033[60Gfailed'
((/usr/sbin/univention-join:170): run_join_scripts
basename /usr/lib/univention-install/03univention-directory-listener.inst
(/usr/sbin/univention-join:170): run_join_scripts
failed_message 'FAILED: 03univention-directory-listener.inst'
(/usr/sbin/univention-join:101): failed_message
echo ''
(/usr/sbin/univention-join:102): failed_message
echo ''
(/usr/sbin/univention-join:103): failed_message
echo '**************************************************************************'
(/usr/sbin/univention-join:104): failed_message
echo '* Join failed! *'
(/usr/sbin/univention-join:105): failed_message
echo '* Contact your system administrator *'
(/usr/sbin/univention-join:106): failed_message
echo '**************************************************************************'
(/usr/sbin/univention-join:107): failed_message
echo '* Message: FAILED: 03univention-directory-listener.inst'
(/usr/sbin/univention-join:108): failed_message
echo '**************************************************************************'
(/usr/sbin/univention-join:109): failed_message
exit 1
(/usr/sbin/univention-join:1): failed_message
trapOnExit
(/usr/sbin/univention-join:51): trapOnExit
rm -rf /tmp/tmp.vAiL7JlTtz
(/usr/sbin/univention-join:52): trapOnExit
'[' -n true -a true = true ']'
(/usr/sbin/univention-join:53): trapOnExit
'[' -n 2 ']'
(/usr/sbin/univention-join:54): trapOnExit
ucr set listener/debug/level=2
Setting listener/debug/level
File: /etc/runit/univention-directory-listener/run
((/usr/sbin/univention-join:57): trapOnExit
LC_ALL=C
((/usr/sbin/univention-join:57): trapOnExit
date
(/usr/sbin/univention-join:57): trapOnExit
echo 'Thu Sep 22 13:35:15 CEST 2016: finish /usr/sbin/univention-join'
Thu Sep 22 13:35:15 CEST 2016: finish /usr/sbin/univention-join
auf dem Master, ucs.dei.privat läuft slapd auf port 7389 & keinerlei meldungen im listener.log
# netstat -pant|grep slapd
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 6477/slapd
tcp 0 0 0.0.0.0:7389 0.0.0.0:* LISTEN 6477/slapd
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 6477/slapd
tcp 0 0 0.0.0.0:7636 0.0.0.0:* LISTEN 6477/slapd
tcp6 0 0 :::636 :::* LISTEN 6477/slapd
tcp6 0 0 :::7389 :::* LISTEN 6477/slapd
tcp6 0 0 :::389 :::* LISTEN 6477/slapd
tcp6 0 0 :::7636 :::* LISTEN 6477/slapd
unix 2 [ ACC ] STREAM HÖRT 30802 6477/slapd /var/run/slapd/ldapi
falls mehr logs gewünscht werden bitte bescheid sagen.
TIA
chymian