Bug 35584

Summary: samba/role not set during update
Product: UCS Reporter: Janis Meybohm <meybohm>
Component: SambaAssignee: Felix Botner <botner>
Status: CLOSED FIXED QA Contact: Sönke Schwardt-Krummrich <schwardt>
Severity: critical    
Priority: P1 CC: botner, grandjean, walkenhorst
Version: UCS 3.2   
Target Milestone: UCS 3.2-2-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Bug Depends on:    
Bug Blocks: 35590    

Description Janis Meybohm univentionstaff 2014-08-08 10:10:02 CEST 
univention-samba 8.0.19-10.476.201407281536 introduces "samba/role" as new UCR but the variable is not set on updated systems. This leads to broken NT domains after installation of errata 164 as winbind stops working:


root@billy:~# wbinfo -U 2041
S-1-5-21-3980132504-3533172963-4083691310-5082
root@billy:~# wbinfo -S S-1-5-21-3980132504-3533172963-4083691310-5082
2041
root@billy:~# wbinfo -n janis
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name janis



 [2014/08/08 09:26:36.681600,  5]
../source3/winbindd/winbindd_lookupname.c:104(winbindd_lookupname_recv)

  Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED


root@billy:~# net rpc testjoin
net_rpc_join_ok: failed to get schannel session key from server BILLY
for domain KNUT. Error was NT_STATUS_ACCESS_DENIED
Join to domain 'KNUT' is not valid: NT_STATUS_ACCESS_DENIED



Workaround is to set samba/role to "domaincontroller" or "memberserver" (according to UCR server/role) and restart samba and winbind.
Comment 1 Felix Botner univentionstaff 2014-08-08 10:26:11 CEST 
samba/role is missing after the update (only set in the join script)!

samba/role is now set according to the server/role in postinst for this update.
Comment 2 Felix Botner univentionstaff 2014-08-08 10:29:34 CEST 
changes merged to 3.2-3
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2014-08-08 11:32:30 CEST 
OK: bug reproducible with old package version
OK: code change
OK: problem fixed with new package version
OK: YAML (small fix in description)
OK: added ucs-test script 50_samba/10ucr_samba_role that checks samba/role 
    on S3 systems
Comment 4 Janek Walkenhorst univentionstaff 2014-08-08 11:59:42 CEST 
http://errata.univention.de/ucs/3.2/178.html