Bug 34179 - sambaHomePath is not set correctly for staff users
sambaHomePath is not set correctly for staff users
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Import scripts
UCS@school 3.2
Other Linux
: P5 normal (vote)
: UCS@school 3.2 R2 Errata
Assigned To: Sönke Schwardt-Krummrich
Florian Best
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-02-21 16:21 CET by Sönke Schwardt-Krummrich
Modified: 2014-08-27 17:01 CEST (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): U@S: Administrational DC
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2014-02-21 16:21:11 CET
During user import the import script uses the home share file server that has been configured at the OU object. This setting/the import script does not differentiate between educational users and administrative users. Therefore "staff" users and "teacher und staff" users are unable to use the server side home directory of the administrative DC since sambaHomePath refers to the educational DC.
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2014-02-21 16:23:26 CET
There is a patch available for samba4 that brings back the old samba3 behaviour (global configuration of the home path by the logon server):

https://git.samba.org/samba.git/?p=samba.git;a=blobdiff;f=lib/param/loadparm.c;h=35666c339459168b4ff2673b375fcc588cc72411;hp=6772ada6494b6dc2918a0942e4e40512747da717;hb=158ce93f4f50f3b10bcadef9eadd613c55bb6cae;hpb=48997559a529152e466c8330cb7d8eb19e1907b0
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2014-08-19 10:56:09 CEST
> Therefore "staff" users and "teacher und staff" users are unable to use the 
> server side home directory of the administrative DC since sambaHomePath 
> refers to the educational DC.

For "teachers and staff" this is only the case if a firewall blocks access between educational and administrative subnet (which should be the case in most environments). This problem cannot be fixed via LDAP attributes since the attributes are not server specific. Maybe a solution via GPOs on the administrative slave is possible.

"staff" users are only located on the administrative slave. The user accounts are not replicated to the educational slave which prevents the users from using any share on the educational slave (if auth is required).
Since the administrative slave should behave like a plain-UCS-server, the import script and the UCS@school library have been modified and will not set the following samba LDAP attributes anymore:
- sambaHomePath
- sambaHomeDrive
- sambaLogonScript
- sambaProfilePath

It is still possible to set these values via hook scripts or GPO or ...

ucs-school-import (10.0.24-1) unstable; urgency=low

The test framework in ucs-test-ucsschool has been changed accordingly.

Changelog entry has been added.

Manual changes have been comitted.
Comment 3 Florian Best univentionstaff 2014-08-22 14:28:02 CEST
Changelog: OK
Manual: OK
Fix: OK
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2014-08-27 17:01:47 CEST
UCS@school 3.2 R2 v2 has been released:
http://docs.univention.de/release-notes-ucsschool-3.2R2v2-de.html

If this error occurs again, please use "Clone This Bug".