Bug 38557

Summary: Administrator can't override Domain lockout
Product: UCS Reporter: Kevin Dominik Korte <korte>
Component: S4 ConnectorAssignee: Stefan Gohmann <gohmann>
Status: CLOSED FIXED QA Contact: Arvid Requate <requate>
Severity: critical    
Priority: P5 CC: gohmann, requate, walkenhorst
Version: UCS 4.0   
Target Milestone: UCS 4.0-2-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Attachments: reset_lockout_values.patch

Description Kevin Dominik Korte univentionstaff 2015-05-19 01:26:16 CEST 
If the user is logged out of a Windows Workstation, because the domain logout policy was set in Samba 4, the administrator is unable to disable the logout from the UMC. Even setting a new password does not resolve the issue.

Thus the Customer has no other chance then to wait for the logout to timeout. Expected would be that, if a new password is set via the UMC, the logout is disabled by the S4 connector.

Critical as it severely hampers Operations, when users have to wait for the timeout.

Expected would be: user goes to helpdesk, helpdesk sets new password, user can login with the new password.
Comment 1 Kevin Dominik Korte univentionstaff 2015-05-19 01:52:53 CEST 
Frustratingly even the with the samba-tool user enable the logout can't be disabled.
Comment 2 Stefan Gohmann univentionstaff 2015-05-19 06:19:27 CEST 
Created attachment 6910 [details]
reset_lockout_values.patch
Comment 3 Stefan Gohmann univentionstaff 2015-05-19 06:20:08 CEST 
(In reply to Stefan Gohmann from comment #2)
> Created attachment 6910 [details]
> reset_lockout_values.patch

This patch resets the lockout values.
Comment 4 Stefan Gohmann univentionstaff 2015-05-28 10:57:59 CEST 
I've applied the patch: r60901
YAML: r60902
Comment 5 Arvid Requate univentionstaff 2015-05-28 14:55:33 CEST 
Patch is in the built code, works and advisory is ok.
Comment 6 Janek Walkenhorst univentionstaff 2015-05-28 16:50:31 CEST 
<http://errata.univention.de/ucs/4.0/204.html>