- FAQ Home
- All categories
- Univention Corporate Server (UCS)
- Univention Corporate Client (UCC)
Records in this category
Complete rebuild of a UCS system on new hardware
Following, for example, hardware damage, a UCS-System is only available as a backup. How can the system be restored?
A disaster recovery can be performed for a system completely saved via unidump, as described in the handbook. However, if the data are saved externally, the following steps may help to restore the system in the same configuration on new hardware. The steps refer to a UCS domain controller master master with Samba installed.
The instructions are set out as guidelines. The correct functioning of all services, in particular those which do not appear here, should be checked at the end.
The profile saved under /etc/univention/installation_profile on the old system can be used to install a system with the same settings and the same UCS version on new hardware. After installation, the restart must be performed as prompted.
2. Stopping services
As many services as possible should be stopped for the restoration (via "/etc/init.d/ stop" or the Univention Management Console), in particular samba, slapd, univention-dhcp, univention-bind, univention-bind-proxy, univention-directory-listener and univention-directory-notifier.
3. Restore of configuration files managed through Univention Configuration Registry
The "/etc/univention/base.conf" file contains the status of the Univention Configuration Registry variables. The configuration of the newly restored system must also be recreated using this file. This is done using "univention-configuration-registry commit".
4. Restore of Samba settings
Internal information from Samba is saved in the /var/lib/samba directory, which should be completely restored. In addition, of course, the directory shares (e.g., /home).
5. Restore of LDAP data
The /var/lib/univention-ldap directory contains the information from the LDAP database and must be completely restored.
6. Reinitialise Univention Directory Listener
The Univention Directory Listener must be reinitialised so that the LDAP settings for the computers are exported again (e.g., directory shares). As the service is already stopped, the contents of the /var/lib/univention-directory-listener/ directory can be deleted. The initialisation is performed automatically the next time it is started.
7. Reset LDAP passwords
When accessing the LDAP, services use their own passwords, for this purpose the /etc/ldap.secret and /etc/machine.secret files must be restored.
8. Restart services
The services should be restarted in the following order: slapd, then univention-directory-notifier and univention-directory-listener, and finally the other stopped services. If access to the system via ssh or local log-in is still possible, the computer should be restarted.
Prior to these steps, a backup should be made of the newly installed system for comparison.To locate and avoid errors, the log files should be checked for errors after the services are started.After the restoration of the master, it should be checked whether the LDAP replication to the other systems restarts. Some of the systems’ passwords may have been changed since the back-up. Other services and computers which are not functioning should be rejoined as far as possible (also applies for managed clients and Windows systems, which cause problems).The restoration can also be used on other UCS systems: however, in this case alongside steps 1 and 3 the system need only be rejoined (univention-join). In addition, the user data must of course be restored.
- Troubleshooting Windows Domain-Join
- Changing the primary DNS suffix of a Windows 2008 / Windows 7 system
- Message: rlimit_max (1024) below minimum Windows limit (16384)
- Re-Provisioning Samba4 on a DC Master
- Samba 4 - RID Pool renewal
13230/59%Last update: 2011-03-01 14:03
You can comment this FAQ