Univention Bugzilla – Bug 37136
Windows Clients are not member of "Domain Computers"
Last modified: 2018-04-13 13:28:51 CEST
Ticket#2014090221000218 shows that we have an issue with putting Windows Clients into the group "Windows Hosts" by default instead of into the group "Domain Computers", which AD and Samba4 do by default. This is how a Windows-Client looks in Samba4/AD after joining: ======================================================= root@master50:~# univention-s4search samaccountname='win7pro231$' primaryGroupID --controls="domain_scope:1" # record 1 dn: CN=WIN7PRO231,CN=Computers,DC=ar40i1,DC=qa primaryGroupID: 515 ======================================================= This is the Group: ======================================================= root@master50:~# univention-s4search \ CN="Domain Computers" \ objectSid --controls="domain_scope:1" # record 1 dn: CN=Domain Computers,CN=Groups,DC=ar40i1,DC=qa objectSid: S-1-5-21-4160236376-659392039-2623999578-515 root@master50:~# univention-ldapsearch -xLLL \ sambasid=S-1-5-21-4160236376-659392039-2623999578-515 dn: cn=Domain Computers,cn=groups,dc=ar40i1,dc=qa sambaGroupType: 2 cn: Domain Computers description: All workstations and servers joined to the domain objectClass: top objectClass: posixGroup objectClass: univentionGroup objectClass: sambaGroupMapping objectClass: univentionObject univentionObjectType: groups/group gidNumber: 5062 sambaSID: S-1-5-21-4160236376-659392039-2623999578-515 univentionGroupType: -2147483646 ======================================================= And this is how the windows client is created in OpenLDAP: ======================================================= root@master50:~# univention-ldapsearch -xLLL cn=win7pro231 gidNumber dn: cn=WIN7PRO231,cn=computers,dc=ar40i1,dc=qa gidNumber: 1005 root@master50:~# univention-ldapsearch -xLLL '(&(objectClass=posixGroup)(gidNumber=1005))' dn: cn=Windows Hosts,cn=groups,dc=ar40i1,dc=qa objectClass: top objectClass: posixGroup objectClass: univentionGroup objectClass: sambaGroupMapping objectClass: univentionObject univentionObjectType: groups/group cn: Windows Hosts sambaSID: S-1-5-21-4160236376-659392039-2623999578-11011 sambaGroupType: 2 gidNumber: 1005 uniqueMember: cn=DC Backup Hosts,cn=groups,dc=ar40i1,dc=qa uniqueMember: cn=membackup54,cn=computers,dc=ar40i1,dc=qa uniqueMember: cn=WIN7PRO231,cn=computers,dc=ar40i1,dc=qa memberUid: membackup54$ memberUid: WIN7PRO231$ =======================================================
Bug 37101 Comment 6 says: > The problem is not the Domain Computers/Window Hosts membership.