First Last Prev Next    This bug is not in your last search results.
Bug 41543 - krbtgt has wrong RID after s3->s4 migration
krbtgt has wrong RID after s3->s4 migration
Status: CLOSED DUPLICATE of bug 44333
Product: UCS@school
Classification: Unclassified
Component: Samba 4
UCS@school 4.1 R2
Other Linux
: P5 normal (vote)
: UCS@school 4.2 v6
Assigned To: Arvid Requate
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-06-13 11:35 CEST by Felix Botner
Modified: 2017-11-08 12:19 CET (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.086
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2015120221000282
Bug group (optional):
Max CVSS v3 score:

Attachments
connector-s4.log.bz2 (157.85 KB, application/x-bzip)
2016-06-13 11:36 CEST, Felix Botner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2016-06-13 11:35:46 CEST 
Single school server with S3 -> Update to S4 (http://wiki.univention.de/UCS@school_Samba_3_to_Samba_4_Migration#Migration_of_the_UCS.40school_DCs_in_the_central_school_department)

-> univention-ldapsearch uid=krbtgt
...
sambaSID: S-1-5-21-4034621939-4037279472-3278188622-5012

This is bad. krbtgt has to have the RID *502*. Otherwise password change is not working (set "Change password on next login" and try to change password via kpasswd or windows, does not work if krbtgt has a RID other than 502).

Seems that the connector sets this faulty RID (connector/s4/mapping/sid_to_s4: yes
). Before the connector is started, the s4 object is still OK (rid 502). After the initial sync of the connector the RID is broken.

Maybe, in the first step, can add a hint to http://wiki.univention.de/UCS@school_Samba_3_to_Samba_4_Migration to verify (and correct) the RID of krbtgt after the migration.
Comment 1 Felix Botner univentionstaff 2016-06-13 11:36:26 CEST 
Created attachment 7735 [details]
connector-s4.log.bz2
Comment 2 Arvid Requate univentionstaff 2017-11-06 18:11:41 CET 
The adjustments for Bug 44333 should fix this:

1. If the RID is wrong during errata update, it will be corrected.

2. If the new udm-modules package is already installed before the migration, the account will be created with the correct RID.

*** This bug has been marked as a duplicate of bug 44333 ***
Comment 3 Felix Botner univentionstaff 2017-11-07 18:00:27 CET 
OK, verified with Bug #44333
First Last Prev Next    This bug is not in your last search results.