Ubuntu
samba package

Attribute-Editor is missing when enabling Advanced Features in RSAT

Bug #1831345 reported by Martin Wolf
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Triaged
Wishlist
Unassigned

Bug Description

I created a samba-ad with the following parameters:
"samba-tool domain provision --realm=adiumentum.local --domain=adiumentum --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass=Admin123 --option="interfaces=lo eth0" --option="bind interfaces only=yes" --use-rfc2307"

Then I tried to connect to my samba ad from a non ad member pc (Win10) with:
%windir%\system32\runas /netonly /user:ADIUMENTUM\Administrator "mmc dsa.msc /server=10.0.0.35"

The connection works without problems but when I enable "Advanced Features" and try to edit a user the tab "attribute editor" is not present.

Then I installed Fedora 30 with samba 4.10.x and created a similar enviroment.
When I connected to this machine and looked for the Attribute Edtior tab, it was present.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.11
ProcVersionSignature: Ubuntu 4.18.0-20.21~18.04.1-generic 4.18.20
Uname: Linux 4.18.0-20-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
Date: Sat Jun 1 19:30:49 2019
NmbdLog:

ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SambaServerRegression: No
SmbConfIncluded: Yes
SmbLog:

SourcePackage: samba
TestparmExitCode: 0
UbuntuFailedConnect: Yes
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Martin Wolf (mwolf-adiumentum) wrote :
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Can you please try the same with Ubuntu Disco 19.04? It has samba 4.10.0. Also, if you compare smb.conf between the one you got in fedora's 4.10.0, and ubuntu's 4.7.6, are they the same? After profisioning, that is.

Changed in samba (Ubuntu):
status: New → Incomplete
Revision history for this message
Martin Wolf (mwolf-adiumentum) wrote :

I did what you asked today and it also works with Ubuntu 19.04

smb.conf (18.04)
# Global parameters
[global]
        dns forwarder = 1.1.1.1
        netbios name = UBUNTU-SERVER
        realm = ADIUMENTUM.LOCAL
        server role = active directory domain controller
        workgroup = ADIUMENTUM
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/adiumentum.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

smb.conf (19.04)
# Global parameters
[global]
        dns forwarder = 1.1.1.1
        netbios name = UBUNTU-SERVERV2
        realm = ADIUMENTUM.LOCAL
        server role = active directory domain controller
        workgroup = ADIUMENTUM
        idmap_ldb:use rfc2307 = yes

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/adiumentum.local/scripts
        read only = No

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Ok, so it's a new feature in samba 4.10. That's unlikely to get backported to bionic, which has 4.7.x.

Changed in samba (Ubuntu):
importance: Undecided → Wishlist
status: Incomplete → Triaged
Revision history for this message
Martin Wolf (mwolf-adiumentum) wrote :

No, it is a bug.
The Attribute-Editor is an essential part of an active directoy.

Take a look here:
https://wiki.samba.org/index.php/Maintaining_Unix_Attributes_in_AD_using_ADUC

This screenshot is pretty old since the "Unix-Attributes" next to the "Attribute Editor" has been deprecated with Windows Server 2016.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I browsed the WHATSNEW.txt file looking for something to indicate how and when this was addressed, but didn't find it. Would you be able to take a look, since you are more familiar with this feature?

Here are some links:
https://github.com/samba-team/samba/blob/v4-7-test/WHATSNEW.txt
https://github.com/samba-team/samba/blob/v4-8-test/WHATSNEW.txt
https://github.com/samba-team/samba/blob/v4-9-test/WHATSNEW.txt
https://github.com/samba-team/samba/blob/v4-10-stable/WHATSNEW.txt

If we find when it changed, then we can check how big of a change it is and evaluate this bug better.

Thanks!

Revision history for this message
Martin Wolf (mwolf-adiumentum) wrote :

In the meantime I tested with Ubuntu 16.04.6 and the "Attribute-Editor" tab is also present on this system.
So the bug has to be between 16.04 and 18.04

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Can you catch something in the samba logs perhaps, when you enable advanced features?

Revision history for this message
Martin Wolf (mwolf-adiumentum) wrote :

I have not seen anything in particular related to that in the logs. Sambas logfiles are similar informative to the one it tries to emulate ...
I tried to install Ubuntu 17.10 but since it is EOL I cant install all neccessary packages.
Cant you get someone from the samba devs to take a look at it?

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

You can increase the samba verbosity dynamically with "smbcontrol smbd debug <n>", where "n" is the level. I would start with 3

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.