Univention Bugzilla – Bug 50503
diagnostic module to check UCRV dns/backend on UCS@school DCs
Last modified: 2020-10-15 09:40:59 CEST
In UCS we can switch between backends for DNS by UCRV dns/backend from samba4 to ldap. This is -more or less- equal functionality. In ucs@school for the school-slaves this variable has mandantory to be set to "samba4"! We should consider to make sure this variable is always set to samba4 when ucs@school is installed (an on a school-slave) Might be possible by creating a policy to overwrite this setting for all OUs. We should *NOT* allow customers to set it to something else than samba4.
On DC master and DC backup system running Samba4, the DNS backend must also not be changed to "ldap".
*** Bug 50502 has been marked as a duplicate of this bug. ***
> Might be possible by creating a policy to overwrite this setting for all OUs. I would suggest to set the UCR variable within the UCS@school metapackages via --force to "samba4". This makes sure, that the UCR variable is not mistakenly set e.g. on "central slaves", and only set if UCS@school is installed.
I set "Who will be affected by this bug?" to "Will affect a very few installed domains", because I think that only very few domains are really affected. Irrespective of the fact that it has really unpleasant impacts. Feel free to discuss it.
(In reply to Sönke Schwardt-Krummrich from comment #3) > > Might be possible by creating a policy to overwrite this setting for all OUs. > > I would suggest to set the UCR variable within the UCS@school metapackages > via --force to "samba4". This makes sure, that the UCR variable is not > mistakenly set e.g. on "central slaves", and only set if UCS@school is > installed. Using "--force" has often unexpected side effects, for example the UCR Policy cron job will report this by mail daily for all instances. I suggest to have an UCS@school specific UMC check for this which links to the documentation. For documentation we have Bugs #50499 and #50501
*** Bug 50499 has been marked as a duplicate of this bug. ***
Write a diagnostic test (add to package 'ucs-school-umc-diagnostic') that verifies that if the hosts role is a {master, backup, slave} domain controller and Samba4 ist installed, that the value of the UCR "dns/backend" is "samba4".
Added diagnostic check to ucs-school-umc-diagnostic with commit commit 4a1bcb616680bd6857cd62820687edf8c20b77a5 Bug #50503: added diagnostic check to branch troehmey/bug50503.
QA Description & Warning (...) and samba4 is installed -> You do not check if samba4 is installed, only if the ucr-v is set correctly. Please add the corresponding code & description.
The diagnostic module now checks if samba is actually installed and the version is 4.* Solution pushed with commits commit 63b7ac5579bc2aed16b9ebc621ecd14427807f28 Bug #50503: check samba version commit 6ecb3410f339df6e705e1bdd1185cab3251a5196 Bug #50503: add check if samba is installed on branch troehmey/bug50503
Code -> looks fine, works as expected. Description: UCS@school: test that verifies that if the hosts role is a master, slave or backup DC and samba4 is installed -> I think this is misleading: The check is run for master/slave & backup, other roles are ignored. I would suggest: UCS@school: Test that checks if the host role is master, slave or backup DC, samba4 is installed.
Description has been improved with commit commit 2c2732fa5acb342bdfaed50592d50870865551e4 Bug #50503: improved description
QA -> all ok. Reopen for build&merge Please add merge, add changelog&yaml and build.
Merged with commits: commit 61792655abe334a4d12a9dae1d7cff4d4a012437 Bug #50503: added yaml commit 49c7dc7eced832ed1c8d7fa6ce4b18812bd98cc2 Bug #50503: added changelog entry commit a639b862b89d4337e68b015fb7b504097a6a9448 Merge: 463f411d2 66720e02f Bug #50503: Merge branch 'troehmey/bug50503' into 4.4 to 4.4 Successful build: Package: ucs-school-umc-diagnostic Version: 1.0.0-10A~4.4.0.202006031541 Branch: ucs_4.4-0 Scope: ucs-school-4.4
QA -> all ok -> VERIFY Changelog -> ok YAML -> ok Functionality -> works like before.
UCS@school 4.5 v5 has been released (errata update to the release). http://docs.software-univention.de/changelog-ucsschool-4.4v5-de.html If this error occurs again, please clone this bug.
Due to technical problems, the version had to be republished. UCS@school 4.4 v5 has been released (errata update to the release). http://docs.software-univention.de/changelog-ucsschool-4.4v5-de.html#changelog:ucsschool:2020-07-30 If this error occurs again, please clone this bug.