Bug 35095
| Summary: | UCS in Active Directory domain - univention-samba | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Stefan Gohmann <gohmann> |
| Component: | Samba | Assignee: | Felix Botner <botner> |
| Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
| Severity: | enhancement | ||
| Priority: | P5 | CC: | walkenhorst |
| Version: | UCS 3.2 | ||
| Target Milestone: | UCS 3.2-2-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
| Bug Depends on: | |||
| Bug Blocks: | 34091 | ||
| Attachments: |
create_user_and_test_kerberos_smbclient.sh
check_user_against_winbind_ad_and_ldap.sh create_user_and_test_kerberos_smbclient.sh check_user_against_winbind_ad_and_ldap.sh |
||
|
Description
Stefan Gohmann
Merged patches from ucs-3.2/component/ucs-in-ad-domain/univention-samba/ to ucs-3.2-2.
Also added a new package univention-samba-ad-member. This package has the exact same contents as univention-samba, but conflicts with univention-samba (univention-samba and univention-samba-ad-member can not both installed on same machine). We need this package to differentiate the "AD member mode" and normal "NT domaincontroller mode" in the appcenter.
Import UCR variables:
samba/role - is set automatically during postinst/join (depending on ad/member)
defines the samba role "domaincontroller" or "member"
ad/member (bool) - is set by the ad member mode wizard
Modes:
NT domaincontroller - ad/member has to be false, install univention-samba
AD member - ad/member has to be true, install univention-samba-ad-member
Test done so far:
* NT Mode: no samba config differences on master/slave/member between old
and new univention-samba package
* NT Mode: master, slave and member with new univention-samba package,
join OK, samba login OK, windows join OK
* Member Mode: master, slave and member with new univention-samba-ad-member
package (and ad/member=true), join to AD OK, samba login OK
wbinfo OK
YAML: 2014-07-16-univention-samba.yaml
We need only package, but we have to check the if the postinst supports changes of ad/member (samba/role) (In reply to Felix Botner from comment #2) > We need only package, but we have to check the if the postinst supports > changes of ad/member (samba/role) done YAML: 2014-07-16-univention-samba.yaml Created attachment 6030 [details] create_user_and_test_kerberos_smbclient.sh This is a testscript which creates a user in ADS, tests kinit and kerberos write access to his home directory on the local UCS server as well as read access to the sysvol of the AD server. Verified: * Code review * Functionality * Due to Bug 35533 the "Administrateur" is not configured as "admin users" in smb.conf. But that's a general univention-samba issue. * Advisory Ok Created attachment 6031 [details]
check_user_against_winbind_ad_and_ldap.sh
Another test to check consitency of username/SID/uidNumber resolution against IDMAP/winbind/AD/OpenLDAP in AD Member mode.
This also looks good. So, verified.
Created attachment 6035 [details]
create_user_and_test_kerberos_smbclient.sh
Fixed an authentication bug and wait for ad connector.
Created attachment 6036 [details]
check_user_against_winbind_ad_and_ldap.sh
Fixed an authentication bug and wait for ad connector.
|