Problems migrating from Zentyal to UCS

Moin / Hello.

I am building a lab environment to test migration from Zentyal 6 and 7 to UCS. I will be migrating about 15 systems in total.
I clone the original production Zentyal VM and create a new UCS server VM from the downloaded qcow file. Isolated network (NAT access to Internet). KVM virtualization.

UCS version is 5.0-2 errata467
Zentyal version is 6.2.9 (samba version 4.7.6 on Ubuntu 18.04.6 LTS)

These problems happen consistently, and I can repeat them, in all my lab tests:

All users and all groups migrate to UCS. But most of the users do not transfer all group memberships.
Some users retain some group memberships, some other users lose all group memberships.
I cannot find any obvious errors in the ad-takeover log (I can post the log if requested).
I cannot find any relation between users and groups; it seems to be completely random. Example: an original user was a member of 8 groups on the original server, but only a member of 4 groups in UCS after migration.
If I check a user with “samba-tool user edit USERNAME” on UCS server, memberships are already missing, just after migration.

Also, after migration, ALL users fail to synchronize with the S4 connector. All are rejected.

The problem seems to be the “homeDirectory” attribute.

The error message in the log is: “InvalidSyntax: Unix home directory: Not an absolute path!”

Original values of “homeDirectory” are in the form “\originalserver.domain.ext\username”.
If I change the value to any other string (with samba-tool), there is still the synchronization issue.

If I manually DELETE the attribute with “samba-tool user edit USERNAME” (delete the WHOLE attribute line) the user gets synchronized, with the warning “__set_values: The attributes for unixhome have not been removed as it represents a mandatory attribute”.

I can edit the user again with “samba-tool user edit USERNAME” and insert the EXACT SAME ORIGINAL attribute, and the S4 connector synchronizes the user correctly.

Actually, I made a script to do this: delete the homeDirectory attribute from all users, pause to give time for S4 connector synchronization, and re-insert THE SAME homeDirectory attribute and value. S4 makes the synchronization without any problem. After re-inserting the attribute, S4 has no problem synchronizing. (For the script, I use ldapmodify.)

Two more minor problems:

After the migration, in System diagnostics, there are two warnings:

Warning: Check nameserver entries on DNS zones
Found errors in the nameserver entries of the following zones. Please refer to Univention Support Database - Bind: zone transfer failed for further information.
In forward zone dsr.lan (see “DNS” module):
Found illegal alias record (CNAME record) for nameserver srv01.dsr.lan.

If I change the DNS record for the old server from CNAME to HOST, problem goes away.

Warning: Check file permissions
File ‘/etc/univention/connector/s4internal.sqlite’ has mode 600, 644 was expected.

If I chmod the suggested permissions, warning goes away.

Please, I would greatly appreciate any clues, especially with users’ group membership and S4 connector rejects.

Thank you very much for your time.
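
An added example, not part of the original post: one way to measure the lost memberships described above is to export sAMAccountName and memberOf from both servers as LDIF and diff them per user. The sample LDIF, the example.lan names and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample ldapsearch-style exports (not data from the post).
SOURCE_LDIF = """dn: CN=alice,CN=Users,DC=example,DC=lan
sAMAccountName: alice
memberOf: CN=staff,CN=Groups,DC=example,DC=lan
memberOf: CN=finance,CN=Groups,DC=example,DC=lan
memberOf: CN=a-long-group-name-that-wraps,CN=Groups,
 DC=example,DC=lan

dn: CN=bob,CN=Users,DC=example,DC=lan
sAMAccountName: bob
memberOf: CN=staff,CN=Groups,DC=example,DC=lan
"""
TARGET_LDIF = """dn: CN=alice,CN=Users,DC=example,DC=lan
sAMAccountName: alice
memberOf: CN=Staff,CN=Groups,DC=example,DC=lan

dn: CN=bob,CN=Users,DC=example,DC=lan
sAMAccountName: bob
"""

def parse_ldif(text):
    """Return {account: {attr: [values]}}, unfolding wrapped lines and base64."""
    text = re.sub(r"\n ", "", text)  # LDIF folds long lines as newline + space
    users = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            if attr.endswith(":"):  # "attr:: <base64>" for non-ASCII values
                attr, value = attr[:-1], base64.b64decode(value).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value)
        if "samaccountname" in entry:
            users[entry["samaccountname"][0].lower()] = entry
    return users

def missing_memberships(source, target):
    """Map each user to group DNs held on the source but absent on the target."""
    report = {}
    for name, entry in source.items():
        before = {dn.lower() for dn in entry.get("memberof", [])}
        after = {dn.lower() for dn in target.get(name, {}).get("memberof", [])}
        if before - after:
            report[name] = sorted(before - after)
    return report
```

Group DNs are compared case-insensitively, and memberOf does not list a user's primary group (that is carried in primaryGroupID), so a primary group will not appear in this diff.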
