Comment 1 Ingo Steuwer 2020-07-03 20:52:13 CEST

This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.

Comment 2 Philipp Hahn 2020-07-04 08:47:50 CEST

Just recently I had a broken customer system because of univention-skel

Comment 3 Philipp Hahn 2020-09-09 14:41:31 CEST

Remove it for UCS-5:
- baldy maintained: creates very old Windows profile directories (Bug #48587)
- not documented (Bug #32513)
- not yet migrated to Python3 (Bug #49060)
- K-Desktop is removed for UCS-5.

Comment 4 Arvid Requate 2020-09-09 15:37:52 CEST

We may still need to have a mechanism to create the default / default.v2 profile folders for Windows clients.
Did you check that?

Comment 5 Arvid Requate 2020-09-09 15:49:41 CEST

I think we still need this, see Bug #44895. Please restore.

Comment 6 Arvid Requate 2020-11-03 09:30:35 CET

Due to this change bash-completion is not installed any longer. I reverted the commit.
I don't even know how it was decided that this change was to be made.

dfd1ddfb56 Revert "Bug #43211 skel: Remove univention-skel"

The package was still built in the ucs_5.0-0 Release-Scope.

Comment 7 Ingo Steuwer 2020-11-03 09:36:25 CET

(In reply to Arvid Requate from comment #6)
> Due to this change bash-completion is not installed any longer. I reverted
> the commit.
> I don't even know how it was decided that this change was to be made.
> 
> dfd1ddfb56 Revert "Bug #43211 skel: Remove univention-skel"
> 
> The package was still built in the ucs_5.0-0 Release-Scope.

The removement of univention-skel implied for me that the default Debian behaviour "kicks in". Does Bash completion work with stock Debian?

I still favor to not port univention-skel to UCS 5 to reduce "UCS specialities" in areas which are not our focus. But systems have to behave like a "normal Debian".

Comment 8 Florian Best 2020-11-03 09:42:08 CET

We should make bash-completion a dependency of univention-base-packages. (If the dependency was the problem).

Comment 9 Philipp Hahn 2020-11-03 13:03:22 CET

(In reply to Ingo Steuwer from comment #7)
> (In reply to Arvid Requate from comment #6)
> > Due to this change bash-completion is not installed any longer. I reverted
> > the commit.
> > I don't even know how it was decided that this change was to be made.
> > 
> > dfd1ddfb56 Revert "Bug #43211 skel: Remove univention-skel"
> > 
> > The package was still built in the ucs_5.0-0 Release-Scope.
> 
> The removement of univention-skel implied for me that the default Debian
> behaviour "kicks in". Does Bash completion work with stock Debian?

There are multiple path how bash-completion gets loaded on Debian:
 /etc/skel/.profile → /etc/skel/.bashrc
 /etc/profile → /etc/profile.d/bash_completion.sh
 /etc/bash.bashrc

The main error here is that UCS is ignorant of upstream changes; read /usr/share/doc/bash-completion/README.Debian
 # ls -1 /etc/bash_completion.d/
 univention-config-registry
 univention-directory-manager
 univention-updater

They should be installed to /usr/share/bash-completion/completions/ instead and the old conffiles should be deleted via rm_conffile.


> I still favor to not port univention-skel to UCS 5 to reduce "UCS
> specialities" in areas which are not our focus. But systems have to behave
> like a "normal Debian".

The main difference between `univention-skel` and `/etc/skel/` is, that the later is only used when $HOME is first created.
`univention-skel` on the other hand is invoked though PAM each time a user logs in and thus can be used to update user files later on: It re-creates any missing files or updates all unmodified files. Those files also get deleted if the template is removed.

The main bug here is that the PAM module is invoked locally on each server, even for $HOME on NFS: If you login to MULTIPLE servers with DIFFERENT template directories, your $HOME will be modified each time.

Regarding the Windows profile directories:
- why are we still shipping directories for versions of the past century in services/univention-samba4/debian/univention-samba4.postinst:
 # ls -1 /etc/univention/skel/windows-profiles/
 default (Windows XP, Windows Server 2003, Windows Server 2003 R2)
 default.V2 (Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2)
 default.V3 (Windows 8, Windows Server 2012)
 default.V4 (Windows 8.1, Windows Server 2012 R2)
 default.V5 (Windows 10)
 default.V6 (Windows 10
 Vista
 Vista.V2
 Win2k
 Win2K3
 Win95
 WinNT
 WinXP
- Why are they created by .postinst and not included with the package .dirs?
- According to my research Windows should create them on demand - why doesn't this work with our Samba?

https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
https://docs.microsoft.com/de-de/windows/client-management/mandatory-user-profile
https://docs.microsoft.com/de-de/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj649079(v=ws.11)

Comment 10 Florian Best 2020-11-10 09:54:08 CET

I set the TM to 5.0 again, to make sure we do or don't do something here later.

Comment 11 Arvid Requate 2020-12-02 22:45:02 CET

I understand that the current implementation of univention-skel causes issues
and we should address them one by one.

Still, it serves a purpose and we cannot remove it as we desire without finding
replacements.


Regarding the diverse range of statements in Comment 9:

> - why are we still shipping directories for versions of the past century in services/univention-samba4/debian/univention-samba4.postinst:
> [...]
> - Why are they created by .postinst and not included with the package .dirs?

These are questions not relevant to this bug, I guess.

- According to my research Windows should create them on demand - why doesn't this work with our Samba?

We can research this, if required. Until now, there was no requirement.

IMHO we should keep focus in the development on UCS 5 and not touch all things at once.

*If* the changes required to retire univention-skel are transparent to the user,
which I believe is required, then this can be done in an errata-Update.

Comment 12 Philipp Hahn 2021-03-02 16:33:43 CET

[x] 8ea4b38a8e Bug #43211: univention-skel
 doc/changelog/changelog-5.0-0.xml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

https://taiga.knut.univention.de/project/oschwieg-ucs-5/task/5156?kanban-status=54

(In reply to Arvid Requate from comment #11)
> Still, it serves a purpose and we cannot remove it as we desire without
> finding replacements.

The replacement is the standard `/etc/skel/` mechanism, which gets used when a user is initially created:

install -m 755 -d /etc/skel/windows-profiles/default.V{6,5,4,3}
adduser --gecos test --shell /bin/bash --disabled-password test
# Kopiere Dateien aus »/etc/skel« ...
tree /home/test/windows-profiles
# /home/test/windows-profiles
# ├── default.V3
# ├── default.V4
# ├── default.V5
# └── default.V6

The equivalent for `univention-samba` and/or `univention-samba4` is to either include those empty directories within the package or create them dynamically at postinst time:

echo etc/skel/windows-profiles/default.V{6,5,4,3} | tr ' ' '\n' >> univention-samba/debian/univention-samba.dirs

echo etc/skel/windows-profiles/default.V{6,5,4,3} | tr ' ' '\n' >> univention-samba4/debian/univention-samba4.dirs

Comment 13 Arvid Requate 2021-03-16 17:58:52 CET

Ok, please do so and check that roaming profiles still work for Windows clients.

Comment 14 Philipp Hahn 2021-03-18 08:13:04 CET

[5.0-0] c95607fa91 feat[samba]: Create Windows profile directories
 services/univention-samba/debian/changelog                              |  6 ++++++
 services/univention-samba/debian/univention-samba-local-config.dirs     |  5 +++++
 services/univention-samba/debian/univention-samba-local-config.postinst | 15 +++++++++++++++
 3 files changed, 26 insertions(+)

[5.0-0] f98d711c45 fix[skel] skel: Remove univention-skel
 base/univention-errata-level/univention-maintained-packages.txt                  |  1 -
 base/univention-pam/conffiles/etc/pam.d/common-session.d/10univention-pam_common |  1 -
 base/univention-pam/debian/changelog                                             |  6 ++++++
 base/univention-pam/debian/control                                               |  1 -
 base/univention-skel/debian/changelog                                            | 10 ++++++----
 base/univention-skel/debian/control                                              |  9 ++++-----
 base/univention-skel/debian/rules                                                |  7 -------
 base/univention-skel/debian/univention-skel.dirs                                 |  1 -
 base/univention-skel/debian/univention-skel.docs                                 |  1 -
 base/univention-skel/debian/univention-skel.install                              |  2 --
 ...
 15 files changed, 25 insertions(+), 314 deletions(-)

Package: univention-samba
Version: 14.0.4-1A~5.0.0.202103180713

Package: univention-pam
Version: 13.0.3-3A~5.0.0.202103180719

Package: univention-skel
Version: 12.0.1-1A~5.0.0.202103180809

QA: I joined a Windows 8 into the domain and default.V2 was *automatically* created on first login. PAM seems not to be involeved at all.
QA: /etc/pam.d/samba -> common-session -> now has "pam_mkhomedir.so skel=/etc/skel" only, previously it also did "pam_runasroot.so user program=/usr/bin/univention-skel'" afterwards, which is now removed.
FYI: https://docs.software-univention.de/handbuch-4.4.html#windows:roamingprofiles:samba4

Comment 15 Philipp Hahn 2021-03-23 12:05:28 CET

*** Bug 48587 has been marked as a duplicate of this bug. ***

Comment 16 Philipp Hahn 2021-03-23 12:06:21 CET

*** Bug 32513 has been marked as a duplicate of this bug. ***

Comment 17 Arvid Requate 2021-03-23 14:23:20 CET

First test result:

This only works for users created with adduser, but not with UCS domain users.

No directories created below user. Consequently Windows CLients report an error writing the roaming profile.

Comment 18 Arvid Requate 2021-03-23 14:33:26 CET

Testes with
* Windows 10 Client against UCS 5.0 installed Master
* Windows 7 Client against UCS 5.0 Master updated from 4.4.7

Home directory gets created but:

root@master200:~# ls -la /home/user3
insgesamt 8
drwx--x--x 2 user3 Domain Users 4096 Dez 13 12:16 .
drwxr-xr-x 7 root  root         4096 Dez 13 12:16 ..

Comment 19 Arvid Requate 2021-03-23 17:49:21 CET

Ok this happens in case homedir/mount is set to "false" (default: true).

In that case /usr/sbin/univention-mount-homedir runs before pam_mkhomedir and creates the directory and the following pam_mkhomedir session call doesn't take any action.

I'll attach a patch for univention-mount-homedir.

I've improved the documentation of this feature (Bug #34346).

Comment 20 Arvid Requate 2021-03-23 17:49:51 CET

Created attachment 10662 [details]
mount-homedir.diff

Comment 21 Florian Best 2021-03-30 12:20:31 CEST

(In reply to Arvid Requate from comment #20)
> Created attachment 10662 [details]
> mount-homedir.diff
Applied that patch:

univention-home-mounter (11.0.1-1)
ee3db54b824e | Bug #43211: don't create homedir for users without automountInformation

Comment 22 Arvid Requate 2021-04-01 16:14:05 CEST

07454e3b63 | Explain migration in release changelog

Verified.

Comment 23 Florian Best 2021-05-25 15:59:39 CEST

UCS 5.0 has been released:
 https://docs.software-univention.de/release-notes-5.0-0-en.html
 https://docs.software-univention.de/release-notes-5.0-0-de.html

If this error occurs again, please use "Clone This Bug".