Univention Bugzilla – Bug 46118
Remove NT DC functionality
Last modified: 2018-03-14 14:38:24 CET
The Windows NT DC functionality should be removed with UCS 4.3. * Updates of UCS Samba/NT DCs should be blocked from updating. * Support for Samba3 to Samba4 Migration should be removed. * Documentation should be adjusted accordingly. * UMC fields that only work with UCS Samba/NT domains should also be removed. * Jenkins "s3" integration test series should be adjusted to test "without Samba" instead. AD-Member mode and UCS Samba Memberservers will still be supported.
The first four points plus documentation have been adjusted in UCS and UCS@school. * https://git.knut.univention.de/univention/ucs/commits/arequate/bug46118 * https://git.knut.univention.de/univention/ucsschool/commits/arequate/bug46118 These UCS packages have been imported from that scope and built in ucs_4.3-0-bug46118: * univention-samba 12.0.0-7A~4.3.0.201802051826 * univention-samba4 7.0.2-1A~4.3.0.201802051826 * univention-directory-manager-modules 13.1.12-2A~4.3.0.201802051827
I've updated the documentation patch commit. Our executive git merge manager says that QA has to happen from the feature scope first, so, there you go.
*** Bug 35530 has been marked as a duplicate of this bug. ***
the first join of univention-samba always seems to fail http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-0/job/AutotestJoin/SambaVersion=samba-pdc,Systemrolle=slave/ws/test/join.log/*view*/ Configure 26univention-samba.inst Wed Feb 7 20:45:19 EST 2018 2018-02-07 20:45:20.009388062-05:00 (in joinscript_init) Create samba/role Multifile: /etc/samba/smb.conf 07.02.18 20:45:22.469 DEBUG_INIT UNIVENTION_DEBUG_BEGIN : uldap.__open host=master098.autotest098.local port=7389 base=dc=autotest098,dc=local UNIVENTION_DEBUG_END : uldap.__open host=master098.autotest098.local port=7389 base=dc=autotest098,dc=local Create samba/profileserver Create samba/profilepath Create samba/homedirserver Create samba/homedirpath Create samba/homedirletter Multifile: /etc/samba/smb.conf Create samba/domain/security Multifile: /etc/samba/smb.conf No handlers could be found for logger "univention.service_info" Setting samba/autostart Module: autostart Multifile: /etc/samba/smb.conf Not updating samba/autostart Stopping nfs-kernel-server (via systemctl): nfs-kernel-server.serviceWarning: nfs-kernel-server.service changed on disk. Run 'systemctl daemon-reload' to reload units. . Stopping winbind (via systemctl): winbind.service. Create samba/user Create samba/user/pwdfile Multifile: /etc/samba/smb.conf Setting stored password for "cn=slave098,cn=dc,cn=computers,dc=autotest098,dc=local" in secrets.tdb setting idmap secret for '*' from /etc/machine.secret Secret stored Restarting samba (via systemctl): samba.service. Object modified: cn=slave098,cn=dc,cn=computers,dc=autotest098,dc=local Bad SMB2 signature for message [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0000] 87 F1 12 02 84 30 90 1D 3D 8E BD 85 4F 3A A2 9D .....0.. =...O:.. Failed to join domain: failed to lookup DC info for domain 'AUTOTEST098' over rpc: {Access Denied} A process has requested access to an object but has not been granted those access rights. Failed to join domain: failed to lookup DC info for domain 'AUTOTEST098' over rpc: The transport-connection attempt was refused by the remote system. Bad SMB2 signature for message [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0000] C8 B4 7F A1 BF E0 DB 0A 80 63 68 33 0C 47 0E CA ........ .ch3.G.. Failed to join domain: failed to lookup DC info for domain 'AUTOTEST098' over rpc: {Access Denied} A process has requested access to an object but has not been granted those access rights. ERROR: Failed to join via net rpc join. Please check your Samba DCs and your DNS and WINS configuration. Wed Feb 7 20:45:36 EST 2018: finish /usr/share/univention-join/univention-join 07.02.18 21:04:48.787 DEBUG_INIT and later RUNNING 26univention-samba.inst 2018-02-07 23:31:04.786374288-05:00 (in joinscript_init) Not updating samba/role 07.02.18 23:31:06.169 DEBUG_INIT UNIVENTION_DEBUG_BEGIN : uldap.__open host=master098.autotest098.local port=7389 base=dc=autotest098,dc=local UNIVENTION_DEBUG_END : uldap.__open host=master098.autotest098.local port=7389 base=dc=autotest098,dc=local Not updating samba/profileserver Not updating samba/profilepath Not updating samba/homedirserver Not updating samba/homedirpath Not updating samba/homedirletter Setting samba/domain/security Multifile: /etc/samba/smb.conf Setting samba/autostart Module: autostart Multifile: /etc/samba/smb.conf Not updating samba/autostart Stopping nfs-kernel-server (via systemctl): nfs-kernel-server.serviceWarning: nfs-kernel-server.service changed on disk. Run 'systemctl daemon-reload' to reload units. . Stopping winbind (via systemctl): winbind.service. Setting samba/user Not updating samba/user/pwdfile Multifile: /etc/samba/smb.conf Setting stored password for "cn=slave098,cn=dc,cn=computers,dc=autotest098,dc=local" in secrets.tdb setting idmap secret for '*' from /etc/machine.secret Secret stored Restarting samba (via systemctl): samba.service. Object modified: cn=slave098,cn=dc,cn=computers,dc=autotest098,dc=local Using short domain name -- AUTOTEST098 Joined 'SLAVE098' to domain 'AUTOTEST098' Setting windows/wins-support Multifile: /etc/samba/smb.conf Stopping samba (via systemctl): samba.service. Stopping winbind (via systemctl): winbind.service. Starting samba (via systemctl): samba.service. Starting winbind (via systemctl): winbind.service. Successfully granted rights. Successfully granted rights. Object created: cn=slave098.autotest098.local,cn=shares,dc=autotest098,dc=local Object modified: cn=slave098.autotest098.local,cn=shares,dc=autotest098,dc=local Starting nfs-kernel-server (via systemctl): nfs-kernel-server.serviceWarning: nfs-kernel-server.service changed on disk. Run 'systemctl daemon-reload' to reload units. . Object exists: cn=services,cn=univention,dc=autotest098,dc=local Object created: cn=Samba 3,cn=services,cn=univention,dc=autotest098,dc=local Object modified: cn=slave098,cn=dc,cn=computers,dc=autotest098,dc=local Could not chdir to home directory /dev/null: Not a directory rsync: change_dir "/var/lib/samba/account-policy" failed: No such file or directory (2) rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1668) [Receiver=3.1.2] rsync: [Receiver] write error: Broken pipe (32) 2018-02-07 23:31:57.233559209-05:00 (in joinscript_save_current_version) EXITCODE=0 still some errors, but at least EXITCODE=0
> the first join of univention-samba always seems to fail I assume you mean univention-samba-slave-pdc. I guess this fails because the LDAP ACLs on the master are much more strict in recent UCS versions. Customers running this setup have set this up with earlier UCS versions. We'll need to discuss with the TAM how to proceed with the test cases to make them testable (Bug 46218). Anyway, we didn't change anything about univention-samba-slave-pdc in that package, so let's proceed.
ucs-test adjustment: * 53_samba-common/30winbind: Samba is also required (Bug #46118) https://git.knut.univention.de/univention/ucs/commit/e37e07472efd082bcca59346f7b0ec3fd42a0331
s4 connector in the installation tests gets rejects now 15.02.2018 06:33:52,339 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=ucs-sso,CN=Users,DC=test,DC=local 15.02.2018 06:33:52,346 LDAP (PROCESS): sync to ucs: [ user] [ modify] uid=ucs-sso,cn=users,dc=test,dc=local 15.02.2018 06:33:52,427 LDAP (ERROR ): Unknown Exception during sync_to_ucs 15.02.2018 06:33:52,428 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1588, in sync_to_ucs result = self.modify_in_ucs(property_type, object, module, position) File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1365, in modify_in_ucs res = ucs_object.modify(serverctrls=serverctrls, response=response) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 1657, in modify return super(object, self).modify(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 526, in modify dn = self._modify(modify_childs, ignore_license=ignore_license, response=response) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1068, in _modify ml = self._ldap_modlist() File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 1957, in _ldap_modlist ml = self._modlist_samba_mungeddial(ml) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 2307, in _modlist_samba_mungeddial sambaMunged = self.sambaMungedDialMap() File "/usr/lib/pymodules/python2.7/univention/admin/mungeddial.py", line 408, in sambaMungedDialMap sambaMungedDial = base64.decodestring('bQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABkAA%sAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUAAFAA==' % dialin_val) File "/usr/lib/python2.7/base64.py", line 328, in decodestring return binascii.a2b_base64(s) Error: Incorrect padding I guess this is due to some udm backend changes, nevertheless this whole MungedDial stuff is removed from udm with this bug. So please merge the changes from here to ucs asap to fix the tests
Breaks a lot of tests that use UDM even without s4: http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-0/job/AutotestJoin/lastBuild/SambaVersion=no-samba,Systemrolle=slave/testReport/junit/40_mail/29_mail_related_modifications_of_user_objects/test/
> Comment 7 That's not this bug, because that code wouldn't be even present any more if this branch had been merged. I guess it's due to the regression caused by the refactoring of users/user self.open() done for Bug #45842 and my attempt to fix that. I have checked that code again and adjusted it again a bit. I think that would fix it. Anyway, the sambaMungedDial code will be removed once this branch gets merged.
Feature branch merge commit: cc07e6ba7c Package: univention-samba Version: 12.0.1-0A~4.3.0.201802161020 Branch: ucs_4.3-0 Package: univention-samba4 Version: 7.0.2-2A~4.3.0.201802161059 Branch: ucs_4.3-0 Package: univention-directory-manager-modules Version: 13.0.20-1A~4.3.0.201802161042 Branch: ucs_4.3-0 Package: univention-l10n-fr Version: 2.0.0-5A~4.3.0.201802161101 Branch: ucs_4.3-0 Package: ucs-test Version: 8.0.28-13A~4.3.0.201802161044 Branch: ucs_4.3-0 preup.sh and changelog-4.3 adjusted too.
Code review: OK https://git.knut.univention.de/univention/ucs/commit/cc07e6ba7c6019520ae4a7298ccbad7523eee065 Changelog / Release Notes: OK: Changelog is available; I've added a comment to the release notes bug. Tests: Failed. On my Samba 3 test system, the update was started. The preup script seems to be old. Did you rebuild univention-updater?
> Tests: Failed. On my Samba 3 test system, the update was started. The preup > script seems to be old. Did you rebuild univention-updater? No I had not, I thought they get copied from git/svn. I've rebuilt it now: Package: univention-updater Version: 13.0.1-19A~4.3.0.201802202159 Branch: ucs_4.3-0
Tests Samba 3 4.2-3 environment: OK, the update is blocked on DCs with Samba 3 and without Slave PDC. The upgrade is possible after the Samba 4 migration. Slave PDC installation: OK, the update is not blocked Update without Samba or with Samba 4: OK Other issues: - The samba privileges don't have an effect in Samba 4 / AD environments. See Bug #24075. I've added it to the board discussion. - The logon hours are now useless. See Bug #24204. I've added it to the board discussion as well.
(In reply to Stefan Gohmann from comment #13) > Tests Samba 3 4.2-3 environment: OK, the update is blocked on DCs with Samba > 3 and without Slave PDC. The upgrade is possible after the Samba 4 migration. > > Slave PDC installation: OK, the update is not blocked > > Update without Samba or with Samba 4: OK > > > Other issues: > - The samba privileges don't have an effect in Samba 4 / AD environments. > See Bug #24075. I've added it to the board discussion. > - The logon hours are now useless. See Bug #24204. I've added it to the > board discussion as well.
UCS 4.3 has been released: https://docs.software-univention.de/release-notes-4.3-0-en.html https://docs.software-univention.de/release-notes-4.3-0-de.html If this error occurs again, please use "Clone This Bug".