Bug 32041 - provide printers via gpo doesn't work when gpo is created at dc master central location
provide printers via gpo doesn't work when gpo is created at dc master centra...
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Samba 4
unspecified
Other Linux
: P5 normal (vote)
: UCS@school 4.1 Errata
Assigned To: Felix Botner
Arvid Requate
:
: 33790 (view as bug list)
Depends on: 40298
Blocks: 40300 40459
  Show dependency treegraph
 
Reported: 2013-07-23 10:04 CEST by Tim Petersen
Modified: 2016-01-19 15:54 CET (History)
5 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Petersen univentionstaff 2013-07-23 10:04:51 CEST
Please see ticket #2013071721001785 for more detail:

You have the possibility to provide printers per user via gpo. This is working when the gpo's are created at school locations, but does not fully work when they are created at the master location. The master itself uses samba 4 within its school-environment and is intended to be used for a central gpo management.
Comment 1 Christina Scheinig univentionstaff 2015-12-03 15:27:03 CET
Most likely the same Problem with UCS@School in Version 4.0.4. See Ticket #2015112521000455
Comment 2 Felix Botner univentionstaff 2015-12-15 15:27:09 CET
*** Bug 33790 has been marked as a duplicate of this bug. ***
Comment 3 Felix Botner univentionstaff 2015-12-18 15:52:32 CET
ucs-school-ldap-acls-master: 
changed 65ucsschool ldap acl's. slaves are allowed to write objectClass=msPrintConnectionPolicy objects "cn=policies,cn=system,@%@ldap/base@%@" subtree

ucs-school-metapackage:
Set connector/s4/mapping/msprintconnectionpolicy?yes as default for all roles.

I did NOT update the ucs@school app yet.
Comment 4 Felix Botner univentionstaff 2016-01-11 14:45:25 CET
Dependency:

Univention Corporate Server 4.1 erratum 39 (https://forge.univention.org/bugzilla/show_bug.cgi?id=40298)

Changelog:

ucs-school-ldap-acls-master:
The LDAP ACL's have been modified to allow school slave's to update printConnectionPolicy objects (to provide printers via Group Policies).

ucs-school-metapackage:
The synchronization of printConnectionPolicy objects (to provide printers via Group Policies) has been enabled for all server roles. The synchronization can be disabled by setting the UCR variable connector/s4/mapping/msprintconnectionpolicy to false.
Comment 5 Sönke Schwardt-Krummrich univentionstaff 2016-01-13 14:09:29 CET
As discussed with Felix: UCS@school supports the possibility to convert a single master environment into a multi server environment. This is why 
62ucs-school-singlemaster.inst should also sync the msPrintConnectionPolicy objects → REOPEN
Comment 6 Felix Botner univentionstaff 2016-01-13 15:17:57 CET
Added update code to ucs-school-master.postinst, ucs-school-nonedu-slave.postinst, ucs-school-singlemaster.postinst and ucs-school-slave.postinst to resync msPrintConnectionPolicy objects from s4 (master, slave) and openldap (slave).
Comment 7 Arvid Requate univentionstaff 2016-01-14 21:12:06 CET
univetion-upgrade with update/secure_apt=no and the buildsystem repo in /etc/apt/sources.list gave this:


Holen: 6 http://192.168.0.10/build2/ ucs_4.1-0-ucs-school-4.1/all/ ucs-school-master 8.0.1-5.167.201601121627


Yet, this is what repo-ng says:

arequate@omar:~$ repo-stat.py ucs-school-master
[...]
8.0.1-6 imported on 2016-01-13 15:15:47.944194
 Included in scope ucs-school-4.1 for release tag 4.1-0-0 (77644)


Last buildsystem mail was "Accepted ucs-school-metapackage 8.0.1-6", so I guess it has never been built. To keep bureaucracy at bay I did this:

arequate@dimma:~$ b41-scope ucs-school-4.1 ucs-school-metapackage
Comment 8 Arvid Requate univentionstaff 2016-01-14 22:57:00 CET
Verified:

I tested with UCS@school 4.1 v1 on UCS 4.1-0 errata55 (official repos)

1. Setup: Multimaster with Samba/AD manually postinstalled on the Master.

   * Existing msPrint-ConnectionPolicy has been automatically synchronized from
   Master Samba/AD to OpenLDAP during Master package upgrade.

   * Existing msPrint-ConnectionPolicy has been automatically synchronized from
   Master OpenLDAP to Slave Samba/AD during Slave package upgrade.

   * Existing msPrint-ConnectionPolicy has been automatically synchronized from
   Slave Samba/AD to OpenLDAP to Master Samba/AD during Slave package upgrade.

   * Finally, the user-targeted GPO was applied to the pupil logging on to the
     Windows client. After working around Bug 40435 and rebooting, the machine-
     focussed GPO was applied as well and both printers got connected.

2. Setup: Singlemaster with Samba/AD

   * Existing msPrint-ConnectionPolicy has been automatically synchronized from
   Master Samba/AD to OpenLDAP during Master package upgrade.

   * User-targeted GPO was applied to the pupil logging on to the
     Windows client. After working around Bug 40435 and rebooting, the machine-
     focussed GPO was applied as well and both printers got connected.
Comment 9 Sönke Schwardt-Krummrich univentionstaff 2016-01-17 23:30:10 CET
UCS@school 4.1 v4 has been released.

If this error occurs again, please use "Clone This Bug".