Bug 36778 - member-mode fails if Administrator account (well known RID) has different password in AD
member-mode fails if Administrator account (well known RID) has different pas...
Product: UCS
Classification: Unclassified
Component: AD Connector
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 4.0-0-errata
Assigned To: Arvid Requate
Stefan Gohmann
Depends on:
  Show dependency treegraph
Reported: 2014-11-17 20:35 CET by Ingo Steuwer
Modified: 2015-01-29 11:43 CET (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

logfile: login and password for RID 500 changed in AD (79.16 KB, text/x-log)
2014-11-19 16:57 CET, Ingo Steuwer

Note You need to log in before you can comment on or make changes to this bug.
Description Ingo Steuwer univentionstaff 2014-11-17 20:35:30 CET
very similar to #36776

The adminstrative account is renamend in AD. To avoid Bug #36776, I renamed it in UCS also. But as long as the passwords are different, this still does not work as the join script uses the "old" UCS password for the administrative account, while the "new" AD password is already needed.

In UCS 3.2-4 it fails in line 277:

univention-directory-manager computers/$server_role modify "$@" --dn "$ldap_hostdn" --append-option samba --set password="$(cat /etc/machine.secret)" || die

Failure is "authentication error: Authentication failed"
Comment 1 Ingo Steuwer univentionstaff 2014-11-19 16:57:04 CET
Created attachment 6432 [details]
logfile: login and password for RID 500 changed in AD

Attachement is a logfile where both name and password of the administrative account (RID500) differ from UCS (in AD it has been renamed to "sysad").
Comment 2 Arvid Requate univentionstaff 2014-12-15 14:51:05 CET
Should be fixed along with Bug 36776.

Advisory: 2014-12-09-univention-ad-connector.yaml
Comment 3 Stefan Gohmann univentionstaff 2015-01-20 21:59:18 CET
Tests were successful. I made different joins with renamed Administrator accounts and new Domain Admins.

Comment 4 Janek Walkenhorst univentionstaff 2015-01-29 11:41:41 CET
Comment 5 Janek Walkenhorst univentionstaff 2015-01-29 11:43:11 CET