Univention Bugzilla – Bug 32461
Group creation via base.ldif
Last modified: 2017-03-02 13:54:54 CET
While setting up the DC master local and well-known samba groups are created. These generation should be moved to the samba 4 provisioning. Some groups should be still created during base.ldig for example Domain Users, Domain Admins, Printer-Admins ...
Most groups are now created within the initial sync of the s4 connector. Some other pseudo groups are created via the samba 4 join script. Test cases: - tests/51_samba4/30well-known-sids - tests/52_s4connector/010_sync_group_type - tests/52_s4connector/011_sync_local_group_membership univention-ldap: r44727, r44760, r44765, r45022 univention-samba4: r45020 univention-s4-connector: r44761 Changelog: r45023
1) Normal Samba groups moved from base.ldif: * OK, SIDs are still the same. These groups are now created in UCS during Sync from Samba4. * "Power Users" not created any longer in new installations. * "System Operators" are called "Server Operators" in Samba4: On Updates the UCS name stays "System Operators" In new installations it is "Server Operators". * "Replicators" are called "Replicator" in Samba4: On Updates the UCS name stays "Replicators" In new installations it is "Replicator". The renamings did not cause problems for joining a new UCS 3.2-0 Samba4 DC Slave into an updated domain. Only one open point: * These groups used to be created with "sambaGroupType: 5" (builtin) Now the S4-Connector creates them with "sambaGroupType: 2" (domain) Since the AD groupType is "-2147483643" (builtin/local) it might be more consistent to adjust the S4 Connector sync to write "sambaGroupType: 5" 2) Pseudo-Groups moved from base.ldif: * OK, SIDs are still the same. These groups are now created by the univention-samba4 joinscript: Authenticated Users, World Authority, Everyone, Null Authority, Nobody On new installations these groups are put into the UCR Variable connector/s4/mapping/group/ignorelist * New position for Pseudo-Groups is cn=Builtin for new installations, position stays cn=groups on updates * Changelog OK
Created attachment 5530 [details] output of ucs-test 30well-known-sids on updated system The test case 30well-known-sids fails on an DC master updated from UCS 3.1-1, looks like due to the name changes "Replicator" and "Server Operators".
(In reply to Arvid Requate from comment #3) > Created attachment 5530 [details] > output of ucs-test 30well-known-sids on updated system > > The test case 30well-known-sids fails on an DC master updated from UCS > 3.1-1, looks like due to the name changes "Replicator" and "Server > Operators". OK, test case modified.
Ok.
UCS 3.2 has been released: http://docs.univention.de/release-notes-3.2-en.html http://docs.univention.de/release-notes-3.2-de.html If this error occurs again, please use "Clone This Bug".