Univention Bugzilla – Bug 31578
Slave PDC sysvol Policies GPO ownership not correct after setup via UCS@school wizard
Last modified: 2013-06-07 21:40:44 CEST
On a UCS@school 3.1-R2 Samba4 Slave PDC setup via ucs-school-umc-installer wizzard: ======================================================================== root@slave82:~# ls -l /var/lib/samba/sysvol/arschool31r2.qa/Policies/ insgesamt 16 drwxrwx---+ 4 3000008 3000008 4096 29. Mai 17:24 {31B2F340-016D-11D2-945F-00C04FB984F9} drwxrwx---+ 4 3000008 3000008 4096 29. Mai 17:24 {6AC1786C-016F-11D2-945F-00C04FB984F9} ======================================================================== all joinscripts had been executed. A manual sysvolreset fixes this: ======================================================================== root@slave82:~# samba-tool ntacl sysvolreset WARNING: No path in service IPC$ - making it unavailable! NOTE: Service IPC$ is flagged unavailable. WARNING: No path in service IPC$ - making it unavailable! NOTE: Service IPC$ is flagged unavailable. root@slave82:~# ls -l /var/lib/samba/sysvol/arschool31r2.qa/Policies/ insgesamt 16 drwxrwx---+ 4 Administrator Domain Admins 4096 29. Mai 17:24 {31B2F340-016D-11D2-945F-00C04FB984F9} drwxrwx---+ 4 Administrator Domain Admins 4096 29. Mai 17:24 {6AC1786C-016F-11D2-945F-00C04FB984F9} ======================================================================== Comparing this with a standard UCS 3.1-1 Master installation of univention-s4-connector: * univention-install univention-s4-connector * sysvol Policies GPO folder ownership is 3000008 * univention-run-join-scripts runs 98univention-samba4-dns.inst (sysvolreset) * ownerships fixed.
The situation is also OK in an UCS@school 3.1-R2 Samba4 multi-DC environment with Samba4 preinstalled on the Master: In this case the following steps were performed to set up the UCS@school 3.1-R2 Samba4 DC Master: * univention-install univention-s4-connector * sysvol Policies GPO folder ownership is 3000008 * No manual run of univention-run-join-scripts * univention-install ucs-school-umc-installer * Run UCs@school wizzard for multi-school environment * this also runs 98univention-samba4-dns.inst (sysvolreset) * ownerships fixed. On subsequent wizzard-guided installations of UCS@school Samba4 Slave PDCs they (probably) pull the sysvol with the correct permissions from the master after 96univention-samba4.inst initially created them with 3000008. In the end the permissions were ok everywhere.
A note was added to the release notes. Bug 31640 created to track down the actual issue.
(In reply to Arvid Requate from comment #2) > A note was added to the release notes. Bug 31640 created to track down the > actual issue. Bug has been created. Release notes have been updated. → VERIFIED
UCS@school 3.1 R2 has been released: http://download.univention.de/doc/release-notes-ucsschool-3.1-rev2.pdf If this error occurs again, please use "Clone This Bug".