Univention Bugzilla – Bug 53963
Veyon certificate has the same name on each schoolslave
Last modified: 2021-10-25 14:20:25 CEST
If the certificate always has the same name (veyon-cert.pem) on the school slave, and the certificate is stored in the sysvol directory, it is overwritten by a newer slave installation's certificate. AFAIK the default of sysvol replication is to replicate to all slaves and back to the master. The school manual says to use the certificate from sysvol. With iTALC, the certificate was individualized:

-r--r--r-- 1 root root 590 Mär 31 2021 italc-key.pub
lrwxrwxrwx 1 root root 13 Mär 31 2021 italc-key.pub.key.txt -> italc-key.pub
-r--r--r-- 1 root root 590 Mär 31 2021 italc-key_slave-02.pub
lrwxrwxrwx 1 root root 22 Mär 31 2021 italc-key_slave-02.pub.key.txt -> italc-key_slave-02.pub
-rw-r--r-- 1 root root 800 Apr 27 17:03 veyon-cert.pem
The impact is that Veyon is not usable. You may install the certificate from the netlogon path, but this seems not to be the solution or workaround for all environments if the netlogon is linked to the sysvol (ucrv samba/share/netlogon/path).
Fixed in:

[4.4 888cd24ee] Bug #53963: add hostname to veyon certificate file name
[4.4 e7ac4a9d6] Bug #53963: advisory update
ucs-school-veyon-windows (4.5.2.0-2)

[5.0 dc946f6aa] Bug #53963: add hostname to veyon certificate file name
ucs-school-veyon-windows (4.5.2.0-ucs5.0-1)

--------------------------------------------------------------------

The raised join script version will result in new certificate files.

Before:

ls -1 /var/lib/samba/sysvol/uni.dtr/scripts/veyon* /var/lib/samba/netlogon/veyon/veyon-cert*
/var/lib/samba/netlogon/veyon/veyon-cert.pem
/var/lib/samba/sysvol/uni.dtr/scripts/veyon-cert.pem

After update (and u..-run-join-s..):

# ls -1 /var/lib/samba/sysvol/uni.dtr/scripts/veyon* /var/lib/samba/netlogon/veyon/veyon-cert*
/var/lib/samba/netlogon/veyon/veyon-cert.pem
/var/lib/samba/netlogon/veyon/veyon-cert_s44edu.pem
/var/lib/samba/sysvol/uni.dtr/scripts/veyon-cert.pem
/var/lib/samba/sysvol/uni.dtr/scripts/veyon-cert_s44edu.pem
Looks good to me in 4.4 and 5.0.
Old cert still exists.
New certs are created.
Errata updates for UCS@school 4.4 v9 have been released. https://docs.software-univention.de/changelog-ucsschool-4.4v9-de.html If this error occurs again, please clone this bug.
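
An added example, not Univention code and not part of the bug thread: a shell check an administrator could run on a school server to see whether the per-host certificate file from the fix exists and whether the legacy shared veyon-cert.pem still holds the same certificate. The function name, the status strings and the VEYON_DIR variable are assumptions made for this example; the file naming follows the listing above.

```shell
#!/bin/sh
# Added example (not Univention code). Classifies the Veyon certificate files
# in one directory, e.g. /var/lib/samba/netlogon/veyon as shown in the thread.
# Assumption: the per-host file is named veyon-cert_<hostname>.pem and sits
# next to the legacy shared veyon-cert.pem.

veyon_cert_status() {
    dir=$1
    host=$2
    shared="$dir/veyon-cert.pem"
    own="$dir/veyon-cert_${host}.pem"

    if [ ! -f "$own" ]; then
        # Join script not re-run yet: only the collision-prone name can exist.
        echo "per-host-missing"
    elif [ ! -f "$shared" ]; then
        # Only the individualized file is present.
        echo "per-host-only"
    elif cmp -s "$shared" "$own"; then
        # The shared name currently holds this server's certificate.
        echo "shared-matches-host"
    else
        # The shared name holds a different certificate, for example one
        # written by another school server and delivered by sysvol
        # replication. Clients of this server need the per-host file.
        echo "shared-differs"
    fi
}

# Optional direct use: VEYON_DIR is a hypothetical variable for this example.
if [ -n "${VEYON_DIR:-}" ]; then
    veyon_cert_status "$VEYON_DIR" "$(hostname -s)"
fi
```

A result of shared-differs on any school server means Windows clients there should be given veyon-cert_<hostname>.pem rather than the shared file.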