Univention Bugzilla – Full Text Bug Listing |
Summary: | sysvol-cleanup.py deletes grouppolicy folder for GPOs with an uppercase "CN=" | ||
---|---|---|---|
Product: | UCS | Reporter: | Jens Thorp-Hansen <thorp-hansen> |
Component: | Samba4 | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, markus.daehlmann, requate |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.2-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
Who will be affected by this bug?: | 4: Will affect most installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
User Pain: | 0.343 | Enterprise Customer affected?: | Yes |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | 2017022321000249 | Bug group (optional): | |
Max CVSS v3 score: |
Description
Jens Thorp-Hansen
2017-02-23 11:16:15 CET
Yes, from a quick look into /usr/share/univention-samba4/scripts/sysvol-cleanup.py I guess that it takes the output of univention-s4search and filters for lowercase cn= . We also need to check if samba-tool ntacl sysvolreset/sysvolcheck can deal with this "case". And it would really be interesting why CN is different on both DCs, but, well. Advisory: univention-samba4.yaml YAML: OK Tests: Fail ------------------------------------------------------------------------------------------------------------------------------------------------------- root@master421:~# ls -la /var/lib/samba/sysvol/deadlock42.intranet/Policies/ insgesamt 32 drwxrwx---+ 4 Administrator Administrators 4096 Mai 3 08:10 . drwxrwx---+ 4 Administrator Administrators 4096 Mai 3 08:08 .. drwxrwx---+ 4 Administrator Domain Admins 4096 Apr 4 14:54 {31B2F340-016D-11D2-945F-00C04FB984F9} drwxrwx---+ 4 Administrator Domain Admins 4096 Apr 4 14:54 {6AC1786C-016F-11D2-945F-00C04FB984F9} root@master421:~# /usr/share/univention-samba4/scripts/sysvol-cleanup.py --verbose --move /var/lib/samba/sysvol_backup The following LDAP GPOs were found: - {31B2F340-016D-11D2-945F-00C04FB984F9} - {6AC1786C-016F-11D2-945F-00C04FB984F9} The following file system GPOs were found: - {6AC1786C-016F-11D2-945F-00C04FB984F9} - {31B2F340-016D-11D2-945F-00C04FB984F9} root@master421:~# apt-get dist-upgrade [...] Die folgenden Pakete werden aktualisiert (Upgrade): univention-samba4 univention-samba4-sysvol-sync 2 aktualisiert, 0 neu installiert, 0 zu entfernen und 0 nicht aktualisiert. Es müssen noch 0 B von 125 kB an Archiven heruntergeladen werden. Nach dieser Operation werden 0 B Plattenplatz zusätzlich benutzt. Möchten Sie fortfahren? [J/n] y (Lese Datenbank ... 93708 Dateien und Verzeichnisse sind derzeit installiert.) Vorbereitung zum Entpacken von .../univention-samba4_6.0.10-3A~4.2.0.201704252056_amd64.deb ... Entpacken von univention-samba4 (6.0.10-3A~4.2.0.201704252056) über (6.0.9-10A~4.2.0.201703301128) ... Vorbereitung zum Entpacken von .../univention-samba4-sysvol-sync_6.0.10-3A~4.2.0.201704252056_all.deb ... Entpacken von univention-samba4-sysvol-sync (6.0.10-3A~4.2.0.201704252056) über (6.0.9-10A~4.2.0.201703301128) ... Trigger für univention-config (12.0.1-5A~4.2.0.201703151910) werden verarbeitet ... dpkg-query: Kein Paket gefunden, das auf ldapacl_66univention-appcenter_app.acl passt univention-samba4-sysvol-sync (6.0.10-3A~4.2.0.201704252056) wird eingerichtet ... File: /etc/cron.d/sysvol-cleanup File: /etc/cron.d/sysvol-sync Not updating samba4/sysvol/cleanup/cron univention-samba4 (6.0.10-3A~4.2.0.201704252056) wird eingerichtet ... [...] root@master421:~# /usr/share/univention-samba4/scripts/sysvol-cleanup.py --verbose --move /var/lib/samba/sysvol_backup The following LDAP GPOs were found: - {31b2f340-016d-11d2-945f-00c04fb984f9} - {6ac1786c-016f-11d2-945f-00c04fb984f9} The following file system GPOs were found: - {6AC1786C-016F-11D2-945F-00C04FB984F9} - {31B2F340-016D-11D2-945F-00C04FB984F9} Move unused GPO {6AC1786C-016F-11D2-945F-00C04FB984F9} to /var/lib/samba/sysvol_backup/{6AC1786C-016F-11D2-945F-00C04FB984F9}_201705030812 Move unused GPO {31B2F340-016D-11D2-945F-00C04FB984F9} to /var/lib/samba/sysvol_backup/{31B2F340-016D-11D2-945F-00C04FB984F9}_201705030812 root@master421:~# ls -la /var/lib/samba/sysvol/deadlock42.intranet/Policies/ insgesamt 16 drwxrwx---+ 2 Administrator Administrators 4096 Mai 3 08:12 . drwxrwx---+ 4 Administrator Administrators 4096 Mai 3 08:08 .. root@master421:~# ------------------------------------------------------------------------------------------------------------------------------------------------------- Ok, fixed. @slave univention-s4search objectClass=groupPolicyContainer cn | grep -i cn: cn: {31B2F340-016D-11D2-945F-00C04FB984F9} cn: {6AC1786C-016F-11D2-945F-00C04FB984F9} CN: {7FE24A72-5C6E-43CB-9527-93D5DA966864} @master univention-s4search objectClass=groupPolicyContainer cn | grep -i cn: cn: {31B2F340-016D-11D2-945F-00C04FB984F9} cn: {6AC1786C-016F-11D2-945F-00C04FB984F9} cn: {7FE24A72-5C6E-43CB-9527-93D5DA966864} before the update @slave sysvol-cleanup.py --verbose The following LDAP GPOs were found: - {31B2F340-016D-11D2-945F-00C04FB984F9} - {6AC1786C-016F-11D2-945F-00C04FB984F9} The following file system GPOs were found: - {31B2F340-016D-11D2-945F-00C04FB984F9} - {085209BD-1E7A-4E08-A0BF-C4764CE9DA82} - {7FE24A72-5C6E-43CB-9527-93D5DA966864} - {6AC1786C-016F-11D2-945F-00C04FB984F9} Found unused GPO: {7FE24A72-5C6E-43CB-9527-93D5DA966864} after the update @slave ysvol-cleanup.py --verbose The following LDAP GPOs were found: - {31B2F340-016D-11D2-945F-00C04FB984F9} - {6AC1786C-016F-11D2-945F-00C04FB984F9} - {7FE24A72-5C6E-43CB-9527-93D5DA966864} The following file system GPOs were found: - {31B2F340-016D-11D2-945F-00C04FB984F9} - {7FE24A72-5C6E-43CB-9527-93D5DA966864} - {6AC1786C-016F-11D2-945F-00C04FB984F9} Found unused GPO: {085209BD-1E7A-4E08-A0BF-C4764CE9DA82} @master OK OK - samba-tool ntacl sysvolreset/check OK - YAML |