Univention Bugzilla – Full Text Bug Listing |
Summary: | krbtgt rid != 502 if samba4 is installed after ucs@school on UCS Master | ||
---|---|---|---|
Product: | UCS | Reporter: | Felix Botner <botner> |
Component: | UMC - Users | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | ||
Priority: | P5 | CC: | best, ebersbach, grandjean, michelsmidt, requate, schwardt |
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=45587 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
Who will be affected by this bug?: | 3: Will affect average number of installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
User Pain: | 0.257 | Enterprise Customer affected?: | |
School Customer affected?: | Yes | ISV affected?: | |
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Attachments: | Screenshot of system diagnostics |
Description
Felix Botner
2017-04-10 12:54:33 CEST
also true for Guest user (wkr 501) -> univention-s4search cn=guest objectSid| grep -i 'objectSid:' objectSid: S-1-5-21-3006362628-2186033213-1690935345-5010 Created attachment 9258 [details]
Screenshot of system diagnostics
The "Well Known" SIDs check in the system diagnostic module does detect this. Unfortunetaly, it doesn't offer any advice on how to resolve this :)
According to Arvid, this issue prevents password changes on the affected systems. I've adjusted UDM users/user so it works generically (for users). Merge commit: b56094583f1e57a84119da80f2c5fe9f1bc97ed6 Advisories: * univention-directory-manager-modules.yaml * univention-lib.yaml I've added an update check to univention-s4-connector.postinst which checks the RID of the krbtgt account and fixes it if possible (only on master+backup, if slapd is running and only during this update). 3d4486a753..1d47e0e6dc *** Bug 41543 has been marked as a duplicate of this bug. *** I've adjusted the patch once again to restrict the change to UCS@school. Merge commit: 661746fcdb0ebe21f293eb4ba7d603c32b3e0ae3 Advisory updated. OK - installation (s4 on master after school + school slave) OK - update (school master with s4 and broken krbtgt rid is fixed) OK - non school setup OK - univention-s4-connector.yaml OK - univention-lib.yaml OK - univention-directory-manager-modules.yaml |