Univention Bugzilla – Bug 34139
UMC wizard for AD Takeover (backend)
Last modified: 2014-04-22 06:47:34 CEST
univention-ad-takeover needs to be converted into a lib to be used in univention-management-console-module-adtakeover.
I have put the functions I need in takeover.py of the package along with some dummy implementation.
Please fill the gaps and tell me if something has to be changed in the frontend or the UMC functions (e.g. missing parameters).
+++ This bug was initially created as a clone of Bug #34019 +++
A UMC wizard for AD Takeover should be implemented. If univention-ad-takeover needs to be adjusted for this, another bug should be cloned.
* The backend routines have been migrated to the python module in univention-management-console-module-adtakeover.
* Persistent state management has been implemented.
* A new state "done" has been defined, signifying that a takeover has been completed already before. In this case the frontend shows an initial info dialog before the "start" dialog can be accessed.
* A new sysvol GPO check has been implemented.
* A fix for Bug 29753 has been implemented in the backend module.
* Initial sanity checks for the AD server have been improved:
** Check that an AD is present at all before trying to authenticate. This improves the user experience by avoiding the authentication timeout.
** Check that the given AD server has a different NTDS GUID from the local UCS server. This blocks silly attempts to take over the local system and it also blocks attempts to do the same takeover again.
Advisory: 2014-03-05-univention-management-console-module-adtakeover.yaml
A python syntax checker revealed:
UCS_License_detection.check_license: Undefined variable 'find_licenses'
UCS_License_detection.check_license: Undefined variable 'baseDN'
UCS_License_detection.check_license: Undefined variable 'choose_license'
fixed.
Please check if the ldap base of the UCS server and the AD server is equal. I got the following Traceback in UMC during the adtakeover against an AD with a different ldap base.
Die Ausführung des Kommandos copy_domain_data ist fehlgeschlagen:
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/__init__.py", line 60, in _background
    result = func(self, request)
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/__init__.py", line 107, in copy_domain_data
    takeover.join_to_domain_and_copy_domain_data(ip, username, password, self.progress)
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/takeover.py", line 267, in join_to_domain_and_copy_domain_data
    takeover.post_join_tasks_and_start_samba_without_drsuapi()
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adtakeover/takeover.py", line 920, in post_join_tasks_and_start_samba_without_drsuapi
    attrs=["objectSid"])
LdbError: (32, 'No such Base DN: DC=W2K12,DC=TEST')
UCS ldap base: DC=W2K12,DC=TEST
AD ldap base: DC=W2K3,DC=TEST
* added a check for the LDAP base DN.
* added a check for the GPO file version against the container version (to detect non-copied GPOs in case only default policies were modified).
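
The LDAP base DN and GPO version checks listed in the comment above, sketched as an added example in Python 3 (this is not the code from takeover.py). The function names and all sample GUIDs, versions and GPT.INI contents are constructed; it assumes the container version is the versionNumber attribute of the GPO's directory object and the file version is the Version value in the GPO's GPT.INI on sysvol:

```python
import configparser

def normalize_dn(dn):
    """Case-fold a DN and trim spaces around RDNs (simplified: no escaped commas)."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)

def same_base_dn(ucs_base, ad_base):
    """True when both servers use the same LDAP base, ignoring case and spacing."""
    return normalize_dn(ucs_base) == normalize_dn(ad_base)

def gpt_ini_version(text):
    """Return Version from the [General] section of a GPT.INI, or None if unusable."""
    parser = configparser.ConfigParser()
    try:
        parser.read_string(text)
        for section in parser.sections():
            if section.lower() == "general":
                return parser.getint(section, "version")
    except (configparser.Error, ValueError):
        pass
    return None

def stale_gpos(container_versions, sysvol_files):
    """Map GPO GUID -> reason for each GPO whose sysvol copy does not match the directory."""
    files = dict((guid.upper(), text) for guid, text in sysvol_files.items())
    problems = {}
    for guid, ldap_version in container_versions.items():
        text = files.get(guid.upper())
        file_version = gpt_ini_version(text) if text is not None else None
        if file_version is None:
            problems[guid] = "GPT.INI missing or unreadable"
        elif file_version != ldap_version:
            problems[guid] = "file version %d != container version %d" % (
                file_version, ldap_version)
    return problems

# Constructed sample data: versionNumber per GPO container, GPT.INI text per GPO.
CONTAINERS = {"{11111111-1111-1111-1111-111111111111}": 65539,
              "{22222222-2222-2222-2222-222222222222}": 3,
              "{33333333-3333-3333-3333-333333333333}": 1}
SYSVOL = {"{11111111-1111-1111-1111-111111111111}": "[General]\r\nVersion=65539\r\n",
          "{22222222-2222-2222-2222-222222222222}": "[General]\nVersion=1\n"}

if __name__ == "__main__":
    print(same_base_dn("DC=W2K12,DC=TEST", "DC=W2K3,DC=TEST"))  # base DNs from the traceback
    print(stale_gpos(CONTAINERS, SYSVOL))
```
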
AD-Takeover:
OK, tested with W2K12, W2K8, W2K8R2 (english), W2K12 (french, without windows clients) and W2K3 as AD Domain Controller. Created users/groups/policies and joined windows clients to the AD domain.
=> adtakeover
OK - users/groups/policies are synced
OK - create users/groups/policies with RSAT-Tools
OK - logon to already joined windows client (new and old users)
OK - join of a new windows client
OK - GPOs are applied on the windows clients
FAIL - W2K12 (french) robocopy failed (wrong ntacls on the default policy container and no mapping for "Administrateur" in samba/adminuser to override ntacls) -> bug #34527
UMC:
OK - states
OK - time diff test
OK - GPO test
OK - function level test
OK - license test
OK - ldap base test
http://errata.univention.de/ucs/3.2/88.html