Univention Bugzilla – Bug 40973
UCC policies not set at school OU
Last modified: 2023-06-12 15:39:52 CEST
Created attachment 7571 [details] ErrorMessage 1) The DHCP-Policy is not linked to the UCC-Object by default in DHCP-Boot and DHCP-Routing 2) univention-tftp is not properly installed. In /var/lib/univention-client-boot/ is no pxelinux.0 After apt-get install --reinstall univention-tftp /var/lib/univention-client-boot/pxelinux.cfg/ is still empty. Resync the uccpxeboot module fixed the problem finally. univention-directory-listener-ctrl resync uccpxeboot Ticket:#2016031721000117 In my testenvironment, I could reproduce the problem. My installationorder: UCS 4.1-1, ucs@school and lastly UCC
""" Für die korrekte Funktion der UCC-Systeme ist sicherzustellen, dass die UCC-Systeme den Domänencontroller Master (nur bei Single-Server-Umgebungen!) bzw. den Domänencontroller Slave (Multi-Server-Umgebung) als DNS-Server verwenden. In der Standardeinstellung wird automatisch eine DHCP-DNS-Richtlinie cn=dhcp-dns-SCHULNAME,cn=policies,ou=SCHULNAME,dc=example,dc=com erstellt und mit dem Container cn=dhcp,ou=SCHULNAME,dc=example,dc=com verknüpft, die die IP-Adresse des Schulservers als DNS-Server über DHCP konfiguriert. Das automatische Erstellen und Verknüpfen der DHCP-DNS-Richtlinie kann durch das Setzen der UCR-Variable ucsschool/import/generate/policy/dhcp/dns/set_per_ou=false auf Domänencontroller Master- und Domänencontroller Slave-Systemen deaktiviert werden. """ Source: http://docs.software-univention.de/ucsschool-handbuch-4.1.html#school:ucc:configuration Have you checked (In reply to Christina Scheinig from comment #0) > 1) The DHCP-Policy is not linked to the UCC-Object by default in DHCP-Boot > and DHCP-Routing But the policy object has been created correctly? Have you checked if the policy is attached to the DHCP container of the OU? Or to any container at all? > 2) univention-tftp is not properly installed. In > /var/lib/univention-client-boot/ is no pxelinux.0 > > After apt-get install --reinstall univention-tftp > /var/lib/univention-client-boot/pxelinux.cfg/ is still empty. IIRC univention-tftp is not responsible to creating content in …/pxelinux.cfg/ > Resync the uccpxeboot module fixed the problem finally. > univention-directory-listener-ctrl resync uccpxeboot uccpxeboot.py is part of the package "ucc-pxe-boot". So maybe a UCC problem?
(In reply to Sönke Schwardt-Krummrich from comment #1) > > Resync the uccpxeboot module fixed the problem finally. > > univention-directory-listener-ctrl resync uccpxeboot > > uccpxeboot.py is part of the package "ucc-pxe-boot". So maybe a UCC problem? Maybe. I guess UCC without UCS@school works. We have seen the problem in the customer environment and in the support test environment. Adding the UCC maintainers to CC.
I know of no problems with the uccpxeboot listener in ucs@school. In which UMC module were the UCC objects created? Regarding the policies: The UCC wizard does not check if ucs@school is installed, so some policies may not be created in the school ou. It should be tested if it works when UCC is installed before ucs@school
When installing UCS@School and then UCC, the following steps are required to sucessfully rollout an UCC client. Ideally, this would be done by the ucs-school-ucc-integration package: On the dhcp domain object at cn=<OUname>,cn=dhcp,ou=myschool,$ldap_base * Set DHCP Boot policy * (Set DHCP DNS policy). There is one policy linked at the school dhcp container, but it does have an empty domainname value - the correct domainname setting is important for UCC. The dhcp-dns-<school> policy should be created with the domainname set * Link the cn=default-settings,cn=routing,cn=dhcp,cn=policies, policy to the domain object (or dhcp container)
> On the dhcp domain object at cn=<OUname>,cn=dhcp,ou=myschool,$ldap_base > * Set DHCP Boot policy > * (Set DHCP DNS policy). There is one policy linked at the school dhcp > container, but it does have an empty domainname value - the correct > domainname setting is important for UCC. The dhcp-dns-<school> policy should > be created with the domainname set > * Link the cn=default-settings,cn=routing,cn=dhcp,cn=policies, policy to the > domain object (or dhcp container) Ran into this during PT UCC. The above worked for me only with a slight adjustment: cn=default-settings,cn=routing,cn=dhcp,cn=policies,$ldap_base didn't have a router IP assigned. There was another policy cn=ucc-dhcp-gateway,cn=routing,cn=dhcp,cn=policies,$ldap_base which did.
This issue has been filled against UCS@school 4.1 (R2). The maintenance with bug and security fixes for UCS@school 4.1 (R2) has ended on 5th of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3 (or later). Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.