Bug 45587
| Summary: | Check for Well Known SIDs fails for UCS@school if UCS Master is no Samba AD DC | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Michael Grandjean <grandjean> |
| Component: | UMC - System diagnostic | Assignee: | UMC maintainers <umc-maintainers> |
| Status: | RESOLVED DUPLICATE | QA Contact: | UMC maintainers <umc-maintainers> |
| Severity: | normal | ||
| Priority: | P5 | CC: | brodersen, ebersbach, kenkel |
| Version: | UCS 5.0 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | other | ||
| See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=44333 https://forge.univention.org/bugzilla/show_bug.cgi?id=46706 https://forge.univention.org/bugzilla/show_bug.cgi?id=50768 |
||
| What kind of report is it?: | Bug Report | What type of bug is this?: | 3: Simply Wrong: The implementation doesn't match the docu |
| Who will be affected by this bug?: | 3: Will affect average number of installed domains | How will those affected feel about the bug?: | 2: A Pain – users won’t like this once they notice it |
| User Pain: | 0.103 | Enterprise Customer affected?: | |
| School Customer affected?: | Yes | ISV affected?: | |
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
Error occurred as well under DcSlave (UCS 4.2-3) when setting up scenario 3 from http://docs.software-univention.de/ucsschool-szenarien-4.2-de.html#scenario-3 This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you. Still a problem. Noticed during preparation for the 5.0v2 school release. |
If the UCS Master in a UCS@school multiserver environment is not a Samba AD DC, the "Well Known SIDs" check on the school servers will always complain about missing accounts for "KRBTGT" and "Guest": > Kein Nutzer oder keine Gruppe mit SID S-1-5-21-1858433575-2913521688-961427091-502 gefunden, 'KRBTGT' war erwartet. > Kein Nutzer oder keine Gruppe mit SID S-1-5-21-1858433575-2913521688-961427091-501 gefunden, 'Guest' war erwartet. AFAICS this is because the check only searches for those accounts in OpenLDAP, but in this case they only exist on the Samba AD side on the UCS@school Slave.