Univention Bugzilla – Bug 31438
Make sysvol readable for members of the group "Enterprise Domain Controllers"
Last modified: 2013-06-07 21:39:34 CEST
In two special cases one of the UCS@School Samba4 Slave PDCs will have to create the group "Enterprise Domain Controllers":
* if no S4 Connector is running in the central school department
* if the errata update for Bug 31437 was not installed on the Master/Backup yet

+++ This bug was initially created as a clone of Bug #31437 +++

The changes of Bug 31271 demand that a different way for sysvol synchronization is created: The group "Enterprise Domain Controllers" needs to be created with its proper builtin SID (S-1-5-9) and all currently registered samba4 DCs need to be added. After waiting for samba4-idmap to write the updated mapping to idmap.ldb, samba-tool ntacl sysvolreset should be called to re-create the fACLs from the directory-NTACLs.
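A read-only check that could be run after the sysvolreset step described in the report above, added here as an example (not code from this bug or from Univention): it parses `getfacl` output and reports whether a named group ends up with effective read and traverse rights. The function names, the sample ACL text and the path inside it are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a getfacl listing grant a group effective r-x?
# Assumed use on a DC: getfacl <sysvol dir> | facl_group_can_read "Enterprise Domain Controllers"
# Exit status: 0 = effective read+traverse, 1 = entry present but insufficient, 2 = no entry.

facl_group_can_read() {
    # $1 = group name (spaces allowed, compared case-insensitively); stdin = getfacl output
    awk -v want="$1" '
        # getfacl prints spaces in names as the octal escape \040
        function unesc(s) { gsub(/\\040/, " ", s); return s }
        /^#/ || /^default:/ || /^[[:space:]]*$/ { next }   # headers, inherited defaults, blanks
        {
            sub(/[[:space:]]*#.*$/, "")                    # drop trailing "#effective:" notes
            n = split($0, f, ":")
            if (n != 3) next
            if (f[1] == "mask") mask = f[3]
            if (f[1] == "group" && tolower(unesc(f[2])) == tolower(want)) perm = f[3]
        }
        END {
            if (perm == "") exit 2                         # group has no ACL entry at all
            if (mask == "") mask = "rwx"                   # no mask entry: nothing is filtered
            # named group entries are limited by the mask, so both must carry the bit
            r = (substr(perm, 1, 1) == "r" && substr(mask, 1, 1) == "r")
            x = (substr(perm, 3, 1) == "x" && substr(mask, 3, 1) == "x")
            exit (r && x) ? 0 : 1
        }'
}

# Constructed sample of getfacl output for one GPO directory; $1 sets the mask (default rwx).
sample_facl() {
    cat <<EOF
# file: sysvol/example.test/Policies/{CONSTRUCTED-GPO-GUID}
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:Domain\040Admins:rwx
group:Enterprise\040Domain\040Controllers:r-x
mask::${1:-rwx}
other::---
default:user::rwx
default:group:Enterprise\040Domain\040Controllers:r-x
default:mask::rwx
default:other::---
EOF
}
```

If the SID-to-group mapping has not been written to idmap.ldb yet, `getfacl` may show a numeric gid instead of the group name, which this check reports as a missing entry (status 2).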
The current solution reuses univention-samba4 shell library code and thus declares a versioned dependency on univention-samba4. The helper joinscript 98univention-samba4slavepdc-dns.inst was used for this purpose, because administrative credentials are required. The joinscript version needed to be increased. Changelog adjusted.
After the installation of UCS@school on a master and a slave, the group "Enterprise Domain Controllers" exists and the slave is a member of the group.
Changes → OK
Changelog → OK
→ VERIFIED
UCS@school 3.1 R2 has been released:
http://download.univention.de/doc/release-notes-ucsschool-3.1-rev2.pdf
If this error occurs again, please use "Clone This Bug".