Bug 34910 - DDNS update with wrong ownersid
Status: CLOSED DUPLICATE of bug 39806
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 4.2
Other Linux
: P5 normal
: UCS 4.2-1-errata
Assigned To: Lukas Oyen
Arvid Requate
:
Depends on: 39806
Reported: 2014-05-22 07:17 CEST by Stefan Gohmann
Modified: 2018-03-15 08:24 CET

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.034
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2014051921010488
Bug group (optional):
Max CVSS v3 score:


Description Stefan Gohmann univentionstaff 2014-05-22 07:17:12 CEST
Ticket #2014051921010488 (2 S4 DCs and one Windows 8.1 client)

It happens from time to time that the DNS record of a newly joined Windows client has as owner not the Windows client:

nTSecurityDescriptor: O:DAG:DAD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWP

Thus the Windows client is unable to update the DNS record.
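
An added example (not part of the bug report or of UCS/Samba code): a small audit that parses a record's `nTSecurityDescriptor` SDDL string and flags the owner mismatch described above. The client SID, record names and both SDDL strings are constructed for illustration, and the `WP` ACE check is a heuristic assumption, not Samba's actual access check.

```python
import re

# SDDL layout: O:<owner>G:<group>D:<dacl flags>(ace)(ace)...
# A SID is either a full "S-1-..." string or a two-letter alias such as DA.
SID = r"(?:S-1-[0-9-]+|[A-Z]{2})"
SDDL = re.compile(
    r"^O:(?P<owner>" + SID + r")G:(?P<group>" + SID + r")"
    r"D:(?P<flags>[A-Z]*)(?P<aces>(?:\([^)]*\))*)"
)

# Constructed sample values (hypothetical SID, not taken from the report).
CLIENT_SID = "S-1-5-21-1111-2222-3333-1104"
FULL = "RPWPCRCCDCLCLORCWOWDSDDTSW"
# Owner is Domain Admins (DA), as in the report; only one complete ACE is used.
BAD_SDDL = "O:DAG:DAD:AI(A;;" + FULL + ";;;DA)"
# Owner is the client's machine account, which also holds an allow ACE.
GOOD_SDDL = ("O:" + CLIENT_SID + "G:DAD:AI(A;;" + FULL + ";;;" + CLIENT_SID + ")"
             "(A;;" + FULL + ";;;DA)")


def audit_record(name, sddl, machine_sid):
    """Report the owner of a DNS record and whether it is the expected machine."""
    m = SDDL.match(sddl)
    if m is None:
        raise ValueError("unsupported or truncated SDDL for " + name)
    writers = set()
    for ace in re.findall(r"\(([^)]*)\)", m["aces"]):
        fields = ace.split(";")
        if len(fields) != 6:
            continue  # skip ACE forms this sketch does not handle
        ace_type, _flags, rights, _obj, _inherit, trustee = fields
        pairs = {rights[i:i + 2] for i in range(0, len(rights), 2)}
        # "A" = access allowed, "WP" = write property
        if ace_type == "A" and "WP" in pairs:
            writers.add(trustee)
    return {
        "record": name,
        "owner": m["owner"],
        "owner_ok": m["owner"] == machine_sid,
        "machine_has_wp_ace": machine_sid in writers,
    }


if __name__ == "__main__":
    for rec, sddl in (("client-bad", BAD_SDDL), ("client-good", GOOD_SDDL)):
        print(audit_record(rec, sddl, CLIENT_SID))
```
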
Comment 1 Stefan Gohmann univentionstaff 2014-07-06 17:05:15 CEST
It doesn't happen so often.
Comment 2 Arvid Requate univentionstaff 2016-11-04 16:12:07 CET
I guess the S4-Connector might have made the last modification. The DNS mapping is not perfect and doesn't detect that some changes are not required.
Comment 3 Lukas Oyen univentionstaff 2017-05-03 15:35:00 CEST
I am unable to reproduce the problem with a modification through the S4-Connector, but a manually created DNS forward-zone with `ldbadd` before joining the Windows client reproduces the ownership mismatch.

https://forge.univention.org/bugzilla/attachment.cgi?id=8773 from bug #39806 implements escalation to system-privileges within the bind9 dlz module, if the requesting host matches the forward-zone. This fixes the issue I can reproduce.

Marking as dependent on bug #39806.
Comment 4 Arvid Requate univentionstaff 2017-06-22 11:41:46 CEST
IMHO that's fixed with Bug 39806.
Comment 5 Lukas Oyen univentionstaff 2017-06-22 14:26:24 CEST

*** This bug has been marked as a duplicate of bug 39806 ***
Comment 6 Stefan Gohmann univentionstaff 2018-03-15 08:24:43 CET
Nothing to release.