Univention Bugzilla – Bug 33638
wrong owner sid for samba4 dns object after ad-takeover -> ddns update fails
Last modified: 2019-01-03 07:20:46 CET
Similar to Bug #33637, but this time the owner sid of the samba4 dns objects was "S-1-5-18" (local system). Seems that, in some circumstances, ad-takeover creates samba4 dns objects with that wrong owner_sid (must be the sid of the computer account)
I guess that the AD-DNS-Server used this SID to create the original DNS entry and this nTSecurityDescriptor is simply replicated unchanged to Samba4. It would be helpful to see the whole SDDL string stored in the nTSecurityDescriptor of the DNS object.
This issue has been filed against the UCS version "unstable" which does not really exist. Please change the version value.
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.