Problem: No memberOf Attributes in Samba after Update to UCS 5

Problem

After Update to UCS 5 the users (seem) to have no memberOf attribute attached anymore

Environment (optional)

UCS 5 comming from UCS 4 with samba ad

Solution

Verify if group “Pre-Windows 2000 Compatible Access” has a security principal attached:

root@dc0:~# samba-tool group listmembers "Pre-Windows 2000 Compatible Access"
S-1-5-11

The default looks like above. If there is no security principal attached you need to add one.

root@dc0:~# samba-tool group addmembers "Pre-Windows 2000 Compatible Access" --member-dn="CN=S-1-5-11,CN=ForeignSecurityPrincipals,$(ucr get samba4/ldap/base)"

The default is AUTHENTICATED_USERS (S-1-5-11) but maybe you want to set ENTERPRISE_DOMAIN_CONTROLLERS (S-1-5-9) as this is not so open and should be enough for univention-s4search and within a big usage scope.
The workaround against printing nightmare in windows AD was removing authenticated users from the group.

This topic was automatically closed after 24 hours. New replies are no longer allowed.