Bug 35000 - Only move /var/lib/samba/private for re-join, not /var/lib/samba
Only move /var/lib/samba/private for re-join, not /var/lib/samba
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-2-errata
Assigned To: Arvid Requate
Stefan Gohmann
:
: 34396 35001 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-05-27 17:28 CEST by Arvid Requate
Modified: 2014-07-08 14:34 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2014-05-27 17:28:17 CEST
For a samba4 re-join we currently move the /var/lib/samba directory out of the way. This has several drawbacks, amongst them these three:

* If the re-join is performed via UMC, it has been observed that the umask (0077 ?) causes problems for Authenticated Users to access the sysvol folder below.

* The server side printer drivers are not found any longer (see Bug 34396)

* The ntp_signed directory is not accessible any longer for the group "ntp", causing problems with the ntp server (at least for windows clients).

One solution for these three issues would be to only move the "/var/lib/samba/private" directory out of the way and leave the remaining files untouched.
Comment 1 Arvid Requate univentionstaff 2014-06-03 18:00:20 CEST
Advisory: 2014-05-28-univention-samba4.yaml
Comment 2 Arvid Requate univentionstaff 2014-06-03 18:01:40 CEST
*** Bug 34396 has been marked as a duplicate of this bug. ***
Comment 3 Stefan Gohmann univentionstaff 2014-06-04 07:43:56 CEST
I'm not sure if this change is the reason but after rejoining the DC backup I get:

root@backup212:~# samba-tool user add test-b Univention.99
ERROR(ldb): Failed to add user 'test-b':  - ../ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=test-b,CN=Users,DC=deadlock21,DC=local - ../ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in CN=test-b,CN=Users,DC=deadlock21,DC=local
root@backup212:~#

The environment is up and running:
 10.201.21.1 (master) + 101.201.21.2 (backup)
Comment 4 Arvid Requate univentionstaff 2014-06-04 12:35:57 CEST
Comment 3: That's Bug #34754
Comment 5 Stefan Gohmann univentionstaff 2014-06-05 10:24:17 CEST
OK, works as expected.
Comment 6 Moritz Muehlenhoff univentionstaff 2014-06-05 15:33:21 CEST
http://errata.univention.de/ucs/3.2/119.html
Comment 7 Felix Botner univentionstaff 2014-07-08 14:34:31 CEST
*** Bug 35001 has been marked as a duplicate of this bug. ***