Univention Bugzilla – Bug 40442
Need for 'dhcpd/authoritative=yes' in ucs-school-webproxy.postinst?
Last modified: 2020-01-07 13:03:21 CET
I updated from UCS@school 4.1v1 to UCS@school 4.1v3 and the UCR variable was reset during the update. It is not clear to me why the UCR variable "dhcpd/authoritative" is set to "yes" in the postinst script of ucs-school-webproxy. Going from the name, dhcpd should not be in direct connection to the proxy system. What wonders me most is that the variable is set to yes, regardless of former configuration. During the update, extract from /var/log/univention/config-registry.replog: 2016-01-15 12:19:21: set dhcpd/authoritative=yes old:no
In the past Windows used the wpad/proxy settings only from authoritative DHCP servers. I don't known if this is still the case. At least, the variable should only be set to "yes" during a fresh installation. Since the variable default is "no", setting it via "?yes" is no option. Next question ist: do we still need the authoritative flag?
ucs-school-webproxy automatically configures the DHCP server to provide option 252 for setting an URL for proxy config. In the past, "dhcpd/authoritative=yes" was required, otherwise the option was ignored. Please check if windows IE requires the "dhcpd/authoritative=yes" to accept the proxy config URL from DHCP server. Please test with windows 8 and 10.
I just confirmed that Windows 7 definitively needs dhcpd/authoritative=yes to use the DHCP provided wpad configuration. It reacts quiet fast to it: After changing the server from authoritative to non-authoritative and then doing a ------------------------- ipconfig /release ipconfig /renew ------------------------- Win7 pulls the proxy.pac directly after the DHCPACK, like it does with authoritative. Like 20 seconds later the server receives a DHCPINFORM from Win7 telling it "btw: you are not authoritative". In that moment Win7 stops using the proxy.pac. To check results read Apaches access.log, syslog, try IE and in Chrome open chrome://net-internals/#proxy Will try with Win8 and Win10 next.
Both Win8) and Win10 (and probably Win8.1 do NOT need the DHCP server to be the authoritative one for their network, to accept the wpad DHCP-option. After receiving a DHCPACK both do a HTTP-request to the proxy.pac with an agent-string "WinHTTP-Autoproxy-Service/5.1". (Win7 didn't send an agent-string.) Result: * If you have Win < 8 in your network, you'll need dhcpd/authoritative=yes if using that method. * If all Win >= 8 or using DNS for Win<8, you don't. What now?
Ok, since Win 7 is still supported, UCS@school should work out of the box. Therefore we have to keep the authoritative flag for now. → The variable should only be set to "yes" during a fresh installation. Since the variable default is "no", setting it via "?yes" is no option. → The variable should NOT be updated during package updates.
r77497: set dhcpd/authoritative=yes only for fresh installations, remove unnecessary init dependecies of univention-reload-service Package: ucs-school-webproxy Version: 13.0.0-4A~4.2.0.201703091049 Branch: ucs_4.2-0 Scope: ucs-school-4.2 No changelog entry, as nothing changed for the user.
(In reply to Daniel Tröder from comment #6) > r77497: set dhcpd/authoritative=yes only for fresh installations, remove > unnecessary init dependecies of univention-reload-service → OK > Package: ucs-school-webproxy > Version: 13.0.0-4A~4.2.0.201703091049 > Branch: ucs_4.2-0 > Scope: ucs-school-4.2 → OK, package built > No changelog entry, as nothing changed for the user. → OK
UCS@school 4.2 v1 has been released. http://docs.software-univention.de/release-notes-ucsschool-4.2v1-de.html If this error occurs again, please clone this bug.