Bug 38357

Summary: UCS memberservers currently cannot find a server for password authentication/change
Product: UCS Reporter: Philipp Hahn <hahn>
Component: KerberosAssignee: UCS maintainers <ucs-maintainers>
Status: RESOLVED WONTFIX QA Contact:
Severity: normal    
Priority: P5    
Version: UCS 4.0   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=30839
https://forge.univention.org/bugzilla/show_bug.cgi?id=30843
https://forge.univention.org/bugzilla/show_bug.cgi?id=36748
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?: Yes
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Philipp Hahn univentionstaff 2015-04-24 14:00:26 CEST 
On a memberserver without Samba3 / Samba4 kerberos/kdc remains unset.
Because of that pam_krb5.so falls back to using DNS.
In a firewalled environment contacting those servers fails.
Therefore logging in as a user fails.

Similar to Bug #30839 (S4) and Bug #30843 (S3).

management/univention-join/univention-join only sets "kerberos/adminserver", but not "kerberos/kdc"
Comment 1 Florian Best univentionstaff 2017-06-28 14:53:15 CEST 
There is a Customer ID set so I set the flag "Enterprise Customer affected".
Comment 2 Stefan Gohmann univentionstaff 2019-01-03 07:18:31 CET 
This issue has been filled against UCS 4.0. The maintenance with bug and security fixes for UCS 4.0 has ended on 31st of May 2016.

Customers still on UCS 4.0 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.