Bug 36778

Summary: member-mode fails if Administrator account (well known RID) has different password in AD
Product: UCS Reporter: Ingo Steuwer <steuwer>
Component: AD ConnectorAssignee: Arvid Requate <requate>
Status: CLOSED FIXED QA Contact: Stefan Gohmann <gohmann>
Severity: normal    
Priority: P5 CC: gohmann, grandjean, walkenhorst
Version: UCS 3.2   
Target Milestone: UCS 4.0-0-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Attachments: logfile: login and password for RID 500 changed in AD

Description Ingo Steuwer univentionstaff 2014-11-17 20:35:30 CET
very similar to #36776

The adminstrative account is renamend in AD. To avoid Bug #36776, I renamed it in UCS also. But as long as the passwords are different, this still does not work as the join script uses the "old" UCS password for the administrative account, while the "new" AD password is already needed.

In UCS 3.2-4 it fails in line 277:

univention-directory-manager computers/$server_role modify "$@" --dn "$ldap_hostdn" --append-option samba --set password="$(cat /etc/machine.secret)" || die

Failure is "authentication error: Authentication failed"
Comment 1 Ingo Steuwer univentionstaff 2014-11-19 16:57:04 CET
Created attachment 6432 [details]
logfile: login and password for RID 500 changed in AD

Attachement is a logfile where both name and password of the administrative account (RID500) differ from UCS (in AD it has been renamed to "sysad").
Comment 2 Arvid Requate univentionstaff 2014-12-15 14:51:05 CET
Should be fixed along with Bug 36776.

Advisory: 2014-12-09-univention-ad-connector.yaml
Comment 3 Stefan Gohmann univentionstaff 2015-01-20 21:59:18 CET
Tests were successful. I made different joins with renamed Administrator accounts and new Domain Admins.

YAML: OK
Comment 4 Janek Walkenhorst univentionstaff 2015-01-29 11:41:41 CET
<http://errata.univention.de/ucs/4.0/55.html>
Comment 5 Janek Walkenhorst univentionstaff 2015-01-29 11:43:11 CET
<http://errata.univention.de/ucs/4.0/56.html>