Bug 33638 – wrong owner sid for samba4 dns object after ad-takeover -> ddns update fails

Bug 33638 - wrong owner sid for samba4 dns object after ad-takeover -> ddns update fails


Summary:	wrong owner sid for samba4 dns object after ad-takeover -> ddns update fails

Status:	RESOLVED WONTFIX

Product:	UCS
Classification:	Unclassified
Component:	S4 Connector
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2013-12-03 12:37 CET by Felix Botner
Modified:	2019-01-03 07:20 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.057
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2017032721000098
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Felix Botner

2013-12-03 12:37:10 CET

Similar to Bug #33637, but this time the owner sid of the samba4 dns objects was "S-1-5-18" (local system).

Seems that, in some circumstances, ad-takeover creates samba4 dns objects with that wrong owner_sid (must be the sid of the computer account)

Comment 1 Arvid Requate

2013-12-03 13:42:11 CET

I guess that the AD-DNS-Server used this SID to create the original DNS entry and this nTSecurityDescriptor is simply replicated unchanged to Samba4. It would be helpful to see the whole SDDL string stored in the nTSecurityDescriptor of the DNS object.

Comment 2 Stefan Gohmann

2014-02-18 21:29:09 CET

This issue has been filed against the UCS version "unstable" which does not really exist. Please change the version value.

Comment 3 Stefan Gohmann

2019-01-03 07:20:46 CET

This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.