Bug 37136

Summary: Windows Clients are not member of "Domain Computers"
Product: UCS
Reporter: Arvid Requate <requate>
Component: UMC - Computers
Assignee: UMC maintainers <umc-maintainers>
Status: RESOLVED WORKSFORME
QA Contact:
Severity: normal
Priority: P5
CC: best, birkefeld, gohmann, klaeser, petersen
Version: UCS 4.0   
Target Milestone: UCS 4.x   
Hardware: Other   
OS: Linux   
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=37344
Bug Blocks: 37101, 37188    

Description Arvid Requate univentionstaff 2014-12-01 17:32:37 CET
Ticket#2014090221000218 shows that we have an issue with putting Windows Clients into the group "Windows Hosts" by default instead of into the group "Domain Computers", which AD and Samba4 do by default.

This is how a Windows-Client looks in Samba4/AD after joining:
=======================================================
root@master50:~# univention-s4search samaccountname='win7pro231$' primaryGroupID --controls="domain_scope:1"

# record 1
dn: CN=WIN7PRO231,CN=Computers,DC=ar40i1,DC=qa
primaryGroupID: 515
=======================================================



This is the Group:
=======================================================
root@master50:~# univention-s4search \
  CN="Domain Computers" \
  objectSid --controls="domain_scope:1"
# record 1
dn: CN=Domain Computers,CN=Groups,DC=ar40i1,DC=qa
objectSid: S-1-5-21-4160236376-659392039-2623999578-515


root@master50:~# univention-ldapsearch -xLLL \
  sambasid=S-1-5-21-4160236376-659392039-2623999578-515 
dn: cn=Domain Computers,cn=groups,dc=ar40i1,dc=qa
sambaGroupType: 2
cn: Domain Computers
description: All workstations and servers joined to the domain
objectClass: top
objectClass: posixGroup
objectClass: univentionGroup
objectClass: sambaGroupMapping
objectClass: univentionObject
univentionObjectType: groups/group
gidNumber: 5062
sambaSID: S-1-5-21-4160236376-659392039-2623999578-515
univentionGroupType: -2147483646
=======================================================

And this is how the windows client is created in OpenLDAP:
=======================================================
root@master50:~# univention-ldapsearch -xLLL cn=win7pro231 gidNumber
dn: cn=WIN7PRO231,cn=computers,dc=ar40i1,dc=qa
gidNumber: 1005


root@master50:~# univention-ldapsearch -xLLL '(&(objectClass=posixGroup)(gidNumber=1005))'
dn: cn=Windows Hosts,cn=groups,dc=ar40i1,dc=qa
objectClass: top
objectClass: posixGroup
objectClass: univentionGroup
objectClass: sambaGroupMapping
objectClass: univentionObject
univentionObjectType: groups/group
cn: Windows Hosts
sambaSID: S-1-5-21-4160236376-659392039-2623999578-11011
sambaGroupType: 2
gidNumber: 1005
uniqueMember: cn=DC Backup Hosts,cn=groups,dc=ar40i1,dc=qa
uniqueMember: cn=membackup54,cn=computers,dc=ar40i1,dc=qa
uniqueMember: cn=WIN7PRO231,cn=computers,dc=ar40i1,dc=qa
memberUid: membackup54$
memberUid: WIN7PRO231$
=======================================================
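
The comparison the description makes by hand, as an added example (not part of the original report and not UCS code): it parses LDIF of the shape shown above and checks whether the RID of the host's OpenLDAP primary group matches its Samba4 primaryGroupID. The function names are hypothetical, and the embedded sample is constructed from the outputs quoted above.

```python
# Added example; constructed input copied from the outputs quoted in this report.
S4_HOST = "dn: CN=WIN7PRO231,CN=Computers,DC=ar40i1,DC=qa\nprimaryGroupID: 515\n"
LDAP_HOST = "dn: cn=WIN7PRO231,cn=computers,dc=ar40i1,dc=qa\ngidNumber: 1005\n"
LDAP_GROUPS = """\
dn: cn=Domain Computers,cn=groups,dc=ar40i1,dc=qa
cn: Domain Computers
gidNumber: 5062
sambaSID: S-1-5-21-4160236376-659392039-2623999578-515

dn: cn=Windows Hosts,cn=groups,dc=ar40i1,dc=qa
cn: Windows Hosts
sambaSID: S-1-5-21-4160236376-659392039-2623999578-11011
gidNumber: 1005
"""


def parse_ldif(text):
    """Parse plain LDIF (no base64 values, no folded lines) into a list of records."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:                      # a blank line ends a record
            if current:
                records.append(current)
                current = {}
        elif not line.startswith("#"):    # skip "# record N" comments
            attr, _, value = line.partition(":")
            current.setdefault(attr.lower(), []).append(value.strip())
    if current:
        records.append(current)
    return records


def check_primary_group(s4_ldif, ldap_host_ldif, ldap_groups_ldif):
    """Compare the Samba4 primaryGroupID with the RID of the OpenLDAP primary group."""
    s4_host = parse_ldif(s4_ldif)[0]
    ldap_host = parse_ldif(ldap_host_ldif)[0]
    by_gid = {g["gidnumber"][0]: g for g in parse_ldif(ldap_groups_ldif)}
    s4_rid = int(s4_host["primarygroupid"][0])
    group = by_gid.get(ldap_host["gidnumber"][0])
    if group is None or "sambasid" not in group:
        return {"s4_rid": s4_rid, "ldap_group": None, "ldap_rid": None, "consistent": False}
    ldap_rid = int(group["sambasid"][0].rsplit("-", 1)[1])   # RID = last SID component
    return {"s4_rid": s4_rid, "ldap_group": group["cn"][0],
            "ldap_rid": ldap_rid, "consistent": s4_rid == ldap_rid}


if __name__ == "__main__":
    print(check_primary_group(S4_HOST, LDAP_HOST, LDAP_GROUPS))
```
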
Comment 1 Arvid Requate univentionstaff 2016-09-28 13:55:30 CEST
Bug 37101 Comment 6 says:

> The problem is not the Domain Computers/Window Hosts membership.