UCS 3.2-4 Release Notes Release notes for the installation and update of Univention Corporate Server (UCS) 3.2-4


    All rights reserved.

    (c) 2002-2014 Univention GmbH

    Mary-Somerville-Straße 1, 28359 Bremen, Germany

    [email protected]

    The mentioned brand names and registered trademarks are owned by the respective legal owners in each case. Linux is a registered trademark of Linus Torvalds.

    Table of Contents

    1. Univention Corporate Server (UCS) 3.2-4
    2. Recommended update order for environments with more than one UCS server
    3. Preparation of update
    4. Postprocessing of the update
        4.1. Operating a local repository server / pre-up/post-up scripts
    5. Further notes on selected packages
        5.1. Collection of usage statistics when using the free-for-personal-use version
        5.2. UEFI installation DVD
        5.3. Scope of security support for Webkit, Konqueror and QtWebKit
        5.4. Recommended browsers for the access to the Univention Management Console
        5.5. Restrictions in Samba 4 operation
        5.6. Installation in VirtualBox
        5.7. Installation in Citrix XenServer
        5.8. Migration of a Samba 3 environment to Samba 4
        5.9. Xen
    6. Changelog
        6.1. General
        6.2. Univention Updater
        6.3. Basic system services
            6.3.1. Linux kernel and firmware packages
            6.3.2. Univention Configuration Registry
        6.4. Domain services
            6.4.1. Univention Directory Manager
            6.4.2. OpenLDAP
                6.4.2.1. Listener/Notifier domain replication
            6.4.3. Join
        6.5. Univention Management Console
            6.5.1. Univention Management Console web interface
            6.5.2. Univention Management Console server
            6.5.3. Basic settings / Appliance mode
            6.5.4. Users module
        6.6. Software deployment
            6.6.1. Software monitor
        6.7. Univention Library
        6.8. System services
            6.8.1. Mail services
            6.8.2. Printing services
            6.8.3. Nagios
            6.8.4. SSL
            6.8.5. Proxy services
            6.8.6. PAM / Local group cache
            6.8.7. Other services
        6.9. Virtualisation
            6.9.1. Xen
        6.10. Services for Windows
            6.10.1. Samba
            6.10.2. Univention AD Takeover
            6.10.3. Univention S4 Connector
            6.10.4. Univention Active Directory Connector
    Bibliography

    Chapter 1. Univention Corporate Server (UCS) 3.2-4

    The fourth point release for Univention Corporate Server (UCS) is now available in the form of Univention Corporate Server 3.2-4. The online repository provided by Univention can be used to update existing UCS systems or, alternatively, updates can be installed from an update DVD. There are also UCS 3.2-4 ISO images available for new installations. UCS 3.2-4 includes all the errata updates published for UCS 3.2-3.

    Chapter 2. Recommended update order for environments with more than one UCS server

    In environments with more than one UCS system, the update order of the UCS systems must be borne in mind:

    The authoritative version of the LDAP directory service is maintained on the master domain controller and replicated on all the remaining LDAP servers of the UCS domain. As changes to the LDAP schemas can occur during release updates, the master domain controller must always be the first system to be updated during a release update.

    It is generally advisable to update all UCS systems in one maintenance window whenever possible.

    Chapter 3. Preparation of update

    It must be checked whether sufficient disk space is available. A standard installation requires a minimum of 6 GB of disk space. Depending on the scope of the existing installation, the update will require at least another 1 GB of disk space for the downloading and installation of the packages.

    For the update, a login should be performed on the console with the root user and then the update started there. Alternatively, the update can be initiated using the Univention Management Console.

    Remote updating via SSH is not recommended as this may result in the update procedure being cancelled if the network connection is interrupted, for example, and this can affect the system. If updating should occur over a network connection nevertheless, it must be verified that the update continues despite disconnection from the network. This can be done, for example, using the tools screen and at, which are installed on all system roles.

    Chapter 4. Postprocessing of the update

    Following the update, new or updated join scripts need to be executed. This can be done in two ways: either using the UMC module Domain join or by running the command univention-run-join-scripts as the user root.

    Subsequently the UCS system should be restarted.

    4.1. Operating a local repository server / pre-up/post-up scripts

    Pre-up and post-up scripts are run before and after release updates (e.g., to post-process the update by uninstalling obsolete packages). As of UCS 3.2, these scripts are cryptographically signed to prevent unauthorized modification. The signatures are checked during the update and when mirroring the repository. If they are invalid or missing, the action is aborted.

    If a repository server is operated with UCS 3.1-x, it should be updated to UCS 3.2 before additional systems can be updated to UCS 3.2-1 or newer.

    If it is not possible to update the repository server, the signature files must be downloaded manually:

        # Local mirror directory and upstream repository server
        LOCAL_DIR="/var/lib/univention-repository/mirror"
        SERVER="http://updates.software-univention.de"
        # Fetch the signature file of every pre-up/post-up script for each 3.2 release
        for release in 3.2-0 3.2-1 3.2-2 3.2-3 3.2-4; do
            for script in preup postup; do
                file="3.2/maintained/$release/all/$script.sh.gpg"
                wget -O "$LOCAL_DIR/$file" "$SERVER/$file"
            done
        done

    Alternatively, it is also possible to disable the signature checks, which can be a security risk. For the repository server this can be done by setting the Univention Configuration Registry variable repository/mirror/verify to false. For the update the Univention Configuration Registry variable repository/online/verify must be set to false on all systems.

    Chapter 5. Further notes on selected packages

    5.1. Collection of usage statistics when using the free-for-personal-use version

    Anonymous usage statistics on the use of the Univention Management Console are collected when using the free-for-personal-use version of UCS (which is generally used for evaluating UCS). The modules opened are logged in an instance of the web traffic analysis tool Piwik. This makes it possible for Univention to tailor the development of the Univention Management Console better to customer needs and carry out usability improvements.

    This logging is only performed when the free-for-personal-use license is used. The license status can be verified by clicking on the cog symbol in the top right-hand corner of the Univention Management Console and selecting License information. If Free for personal use edition is listed under License type, this version is in use. When a regular UCS license is used, no usage statistics are collected.

    Regardless of the license used, the statistics generation can be deactivated by setting the Univention Configuration Registry variable umc/web/piwik to false.

    5.2. UEFI installation DVD

    In addition to the standard installation DVD there is also a medium with support for the Unified Extensible Firmware Interface standard (UEFI) available for the amd64 architecture.

    It must be used instead of the standard DVD on systems which only support a UEFI boot.

    5.3. Scope of security support for Webkit, Konqueror and QtWebKit

    Webkit, Konqueror and QtWebkit are shipped in the maintained branch of the UCS repository, but are not covered by security support. Webkit is primarily used for displaying HTML help pages etc. Firefox should be used as the web browser.

    5.4. Recommended browsers for the access to the Univention Management Console

    Univention Management Console uses numerous JavaScript and CSS functions to display the web interface. Cookies need to be permitted in the browser. The following browsers are recommended:

    • Chrome as of version 14

    • Firefox as of version 10

    • Internet Explorer as of version 9

    • Safari (on the iPad 2)

    Users with older browsers may experience display or performance problems.

    5.5. Restrictions in Samba 4 operation

    Some Active Directory functions are currently not available in Samba 4:

    • Microsoft Windows domain controllers must not be joined in a Samba 4 domain currently.

    • Selective replication is not possible with Samba 4 as this is not supported by Active Directory in principle (in UCS@school selective replication is implemented through the listener/notifier replication mechanism).

    • Samba 4 does not currently support forest domains.

    • Samba 4 does not currently support trust relationships.

    Further information can be found in Chapter 8 of the [ucs-manual].

    5.6. Installation in VirtualBox

    During the installation of UCS in the virtualization solution VirtualBox, a VirtualBox bug may appear which has been corrected in version 4.2: if UCS has been successfully installed and the DVD is still in the disk drive, the installation DVD offers the option Boot from first harddisk partition. If you select this option, VirtualBox freezes.

    For Linux distributions which still use VirtualBox 4.0 or 4.1, either the installation DVD should be removed from the drive settings of the VirtualBox VM or F12 pressed when starting the virtual instance and the hard drive selected as a boot partition as a workaround before starting the UCS VM. UCS will then start successfully.

    5.7. Installation in Citrix XenServer

    When UCS is installed in the virtualization solution Citrix XenServer 6.0 - 6.2, the GRUB menu of the Univention installer is not shown with the Cirrus graphics card emulated as standard. The Univention Installer can be started directly by pressing the ENTER key; alternatively, the installation starts automatically after sixty seconds. The Univention Installer which then starts is displayed as normal.

    To display GRUB correctly, the graphics card emulated by XenServer can be reconfigured. This is done by logging on to the XenServer system as the root user. Firstly, the xe vm-list command is used to determine the UUID of the virtual machine. The following command is then used to reconfigure the emulated graphics card to VGA:

        xe vm-param-set uuid=UUIDVM platform:vga=std

    5.8. Migration of a Samba 3 environment to Samba 4

    There are two basic procedures for migrating Samba 3 to Samba 4:

    • Setup of a parallel Samba 4 domain. Both domains use different NetBIOS names and SIDs. The clients then join the Samba 4 domain step by step.

    • Migration of all systems within one maintenance window.

    Both procedures are documented in detail in the Univention Wiki: http://wiki.univention.de/index.php?title=Migration_from_Samba_3_to_Samba_4.

    5.9. Xen

    If the Xen hypervisor is used and the memory limit for the Dom0 has been configured using the Univention Configuration Registry variable grub/xenhopt, the value should be updated to include the ,max: part as well. See http://wiki.univention.de/index.php?title=UVMM_Quickstart-3.1/en#Configuring_the_Dom0 for details.

    Chapter 6. Changelog

    Listed are the changes since UCS 3.2-3:

    6.1. General

    All security updates issued for UCS 3.2-3 are included:

    • Package apt: CVE-2014-0487 CVE-2014-0488 CVE-2014-0489 CVE-2014-6273 (Bug 35948, Bug 35986, Bug 36277).

    • Package bash: CVE-2014-6271 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 (Bug 35992, Bug 36008).

    • Package curl: CVE-2014-3613 (Bug 35874).

    • Package firefox-de: CVE-2014-1547 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1544 CVE-2014-1562 CVE-2014-1567 CVE-2014-1568 CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1585 CVE-2014-1586 CVE-2014-1583 (Bug 35807, Bug 35993, Bug 36175).

    • Package firefox-en: CVE-2014-1547 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1544 CVE-2014-1562 CVE-2014-1567 CVE-2014-1568 CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1585 CVE-2014-1586 CVE-2014-1583 (Bug 35807, Bug 35993, Bug 36175).

    • Package lua50: CVE-2014-5461 (Bug 35770).

    • Package lua5.1: CVE-2014-5461 (Bug 35771).

    • Package poppler: CVE-2010-5110 (Bug 33265).

    • Package procmail: CVE-2014-3618 (Bug 35817).

    • Package squid3: CVE-2014-3609 (Bug 35732).

    • Package xen-4.1: CVE-2013-4368 CVE-2014-1950 CVE-2014-2599 CVE-2014-3124 CVE-2014-4021 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 (Bug 34115).

    6.2. Univention Updater

    • The HTTP HEAD query of the updater now also transfers the component installation status (Bug 35645).

    • The tool univention-repository-create has been updated and is now able to handle UCS-4 DVDs (Bug 36269).

    • The updater package is now limited to Python 2.6 (Bug 34781).

    • The postup.sh script was adapted to the univention-check-templates return codes (Bug 34972).

    6.3. Basic system services

    6.3.1. Linux kernel and firmware packages

    • An overflow in the KVM time handling code prevented the start of a VM. This has been fixed (Bug 35808).

    • In some situations the Xen netback driver caused an OOPS and prevented any VM from accessing the network. This has been fixed (Bug 35826).

    6.3.2. Univention Configuration Registry

    • Skip writing of internal cache during configHandlers.load() if the process has no write permission (Bug 35368).

    • univention-check-templates has been fixed to correctly handle conffiles with spaces (Bug 35202).

    6.4. Domain services

    6.4.1. Univention Directory Manager

    • The modification of the alternative mail address is now allowed in AD member mode (Bug 35672).

    • The syntax for group names has been adapted. The default group names of a French Active Directory are allowed now (Bug 35521).

    • A traceback has been fixed if more than one colon is set in the automountInformation attribute (Bug 34541).

    • The setting of the Kerberos principal name for computer/macos objects has been fixed (Bug 35526).

    • A backslash in the home share path value of a user no longer results in a traceback (Bug 35953).

    6.4.2. OpenLDAP

    6.4.2.1. Listener/Notifier domain replication

    • The notifier join script now waits for the first initialization of the listener on a DC master. This avoids a race condition during the DC master installation (Bug 35723).

    • A replication issue has been fixed which could occur when joining a UCS DC into a domain which had the memberof LDAP overlay active at some point and later deactivated it (Bug 35480).

    • Locking and signal handling of the univention-directory-listener have been improved (Bug 34013).

    • Schema replication needs to filter out new operational (i.e. builtin) LDAP attributes which will be activated in UCS 4.0 (Bug 36113).

    • Object replication needs to filter out operational ppolicy LDAP attributes which may be found on a UCS 4.0 master (Bug 36353).

    6.4.3. Join

    • univention-join no longer overwrites the join.log on DC slave (Bug 34909).

    6.5. Univention Management Console

    6.5.1. Univention Management Console web interface

    • If an email address is given during the system setup, the startup wizard won't ask for an activation address. This prevents a possible double registration (Bug 35711).

    6.5.2. Univention Management Console server

    • Some displaying issues in UMC related to the new AD member mode have been fixed (Bug 35610).

    • The handling of connections between the UMC parts has been improved. Faulty connections will be closed and if the connection between UMC server and UMC module dies, the UMC module shuts down immediately (Bug 32818).

    • The broken timer handling in the qt backend of python-notifier has been fixed. This problem could lead e.g. to never stopping UMC modules (Bug 36472).

    6.5.3. Basic settings / Appliance mode

    • After deactivating DHCP in the appliance wizard and switching to manual network configuration, the network interface remained in DHCP mode and ignored the static network configuration. This issue has been fixed (Bug 35601).

    • Fixed suggestion of FQDN built from value entered in the organization field in appliance mode (Bug 34090).

    • Moved setup of apache startsite on EC2 to an earlier stage in the boot process (Bug 35587).

    • Do not show Firefox data submission policy popup during system setup (Bug 35721).

    • The Windows NETBIOS domain name can now be up to 15 characters long (Bug 35605).

    • Problems with reloading values and displaying messages after saving changes have been corrected (Bug 35599).

    • The UMC now warns the user if DHCP is selected but a link-local IP address is used. This can occur if DHCP is preconfigured but no DHCP lease could be obtained (Bug 35815).

    6.5.4. Users module

    • In AD member mode users and clients synchronized from Active Directory are now ignored in the license count (Bug 35647).

    • Failures on report creation cannot block UMC usage anymore (Bug 34333).

    • Long base DNs in license files are now handled correctly (Bug 35580).

    • A possible double registration is now prevented by a new ucr variable (Bug 35711).

    6.6. Software deployment

    6.6.1. Software monitor

    • A traceback in the pkgdb listener has been fixed (Bug 35367).

    6.7. Univention Library

    • The AD member setup does now ignore the spelling of the domain name (Bug 35757).

    • The python module atjobs is now EINTR-safe, i.e., for interrupted function call signals (Bug 31319).

    • This update fixes a problem with reading progress report lines from 'dpkg' while installing Apps, which led to the installation getting stuck (Bug 35729).

    6.8. System services

    6.8.1. Mail services

    • The listener module hosteddomains.py has been moved from univention-mail-server to univention-mail-postfix (Bug 35232).

    • Several UCR variables have been added to univention-mail-postfix to allow better configuration of postfix'sperfect forward secrecy. (for detailed description please see -> ucr search variable_name).

    • mail/postfix/smtpd/tls/dh1024/param/file

    • mail/postfix/smtpd/tls/dh512/param/file

    • mail/postfix/smtpd/tls/loglevel

    • mail/postfix/smtp/tls/loglevel

    • mail/postfix/cron/recreate/dh/parameterDuring installation of this update univention-mail-postfix creates a set of DH parameter files for EDHciphers to use instead of the built-in parameters. Also, a cronjob /etc/cron.d/univention-mail-postfix hasbeen added to weekly recreate the DH parameter files (creating/recreating these parameter files can take awhile, depending on the quality of the systems random source) (Bug 35923).

    6.8.2. Printing services Fe e d b a ck

    • Assigning a Windows printer driver to a Samba print share renamed the share to the name of the printerdriver which may be confusing and could trigger a Windows error message (code 0x0000007a). Test pageprinting would fail in this case. Now the UCS management tools create Samba printer shares with the optionforce printername which is provided by Samba as a workaround for this issue. The option get's setwhile creating new or modifying existing printer shares. The new default can be reverted by settings theUCR variable samba/force_printername to no or false. The following command can be run once on eachUCS print server to set the option for all print shares hosted locally: univention-directory-lis-tener-ctrl resync cups-printers (Bug 33505).

    6.8.3. Nagios Fe e d b a ck

    • This update corrects problems in the apache configuration due to a dead symlink during the package instal-lation process. In specific setups this could have led to installation errors (Bug 35078).

    6.8.4. SSL Fe e d b a ck

    • The default hash function has been changed to sha256. This is configurable via the UCR variable ssl/default/hashfunction (Bug 35836).

    • The default key size has been changed to 2048 bits. This is configurable via the UCR variable ssl/default/bits(Bug 30545).

    6.8.5. Proxy services Fe e d b a ck

    • The UCR variable squid/forwardedfor has been added to configure Squid's forwarded_for configurationdirective (Bug 34025).


    • The update for squid3 to fix CVE-2014-3609 erroneously removed SSL support. This update restores the SSL functionality (Bug 35980).

    6.8.6. PAM / Local group cache

    • The UCR default for the security limit max open files has been fixed (now 32768) (Bug 35362).

    6.8.7. Other services

    • This update disables the insecure protocols SSL 2.0 and SSL 3.0 for the Apache web server. It is possible to override this by setting the UCR variable apache2/ssl/v2 and/or apache2/ssl/v3 to "true" before or after the update (Bug 36173).

    • This update fixes RADIUS access for clients in Samba AD domains (Bug 35516).
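To confirm after the update that SSL 2.0 and SSL 3.0 really are off for Apache, the following added example (not part of the release notes or of UCS) evaluates mod_ssl `SSLProtocol` lines the way Apache applies them. It assumes the setting ends up in an `SSLProtocol` directive, ignores per-VirtualHost scoping, and uses constructed sample snippets.

```python
import re

# What "all" expands to on the Apache 2.2 era mod_ssl assumed by this example.
ALL = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
INSECURE = {"SSLv2", "SSLv3"}
CANONICAL = {name.lower(): name for name in ALL}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(\S.*?)\s*$", re.IGNORECASE)


def effective_protocols(args):
    """Apply the [+|-]protocol tokens of one SSLProtocol line, left to right."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[len(action):].lower()
        if name == "all":
            selected = set(ALL)
        elif name in CANONICAL:
            selected = {CANONICAL[name]}
        else:
            raise ValueError("unknown protocol token: %r" % token)
        if action == "-":
            enabled -= selected
        elif action == "+":
            enabled |= selected
        else:
            enabled = selected  # a bare name replaces what was set before
    return enabled


def insecure_enabled(config_text):
    """Return the SSL 2.0/3.0 protocols still enabled by a config snippet."""
    args = "all"  # mod_ssl default when no SSLProtocol line is present
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = DIRECTIVE.match(line)
        if match:
            args = match.group(1)  # the last directive in the context wins
    return effective_protocols(args) & INSECURE


# Constructed sample snippets, not taken from a UCS system.
HARDENED = "SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3\n"
SSL3_KEPT = "# legacy client exception\nSSLProtocol all -SSLv2\n"
BARE_RESET = "SSLProtocol -all +TLSv1.2\nSSLProtocol SSLv3 +TLSv1\n"

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("ssl3 kept", SSL3_KEPT),
                        ("bare reset", BARE_RESET)):
        print(label, sorted(insecure_enabled(text)) or "no SSL 2.0/3.0")
```

The third snippet shows the case that is easy to miss: a later line with a bare protocol name discards the earlier hardening and re-enables SSL 3.0.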

    6.9. Virtualisation

    6.9.1. Xen

    • The code signing certificate for the GPLPV drivers expired and has been replaced with a new certificate valid until 10.10.2017. The new driver version is 0.11.0.373 (Bug 35849).

    6.10. Services for Windows

    6.10.1. Samba

    • All winbind processes are stopped correctly during samba4 join in 96univention-samba4.inst (Bug 35600).

    • The backup script univention-samba4-backup now ignores the tar warning "file changed as we read it" (Bug 35392).

    • When installing broken printer drivers, Samba returned a wrong error code (access denied). This has been fixed (Bug 32771).

    • A bug has been fixed which could prevent a takeover of Windows 2012 servers with enabled recycle bin (Bug 35443).

    • The main samba (not smbd) processes have been restricted to 1024 open files. Now they use the value configured in the UCR variable samba/max_open_files (Bug 34514).

    • An smbd crash on filenames with non-ASCII characters has been fixed (Bug 36162).

    6.10.2. Univention AD Takeover

    • When running AD takeover out of AD member mode it is necessary to flush the Samba caches to steer clear of IDMAP issues (Bug 35564).

    • If the spelling case of the domain name differs between AD and UCS, the GPO check failed. This is now fixed by renaming the domain-specific directory in the sysvol share (Bug 35769).

    6.10.3. Univention S4 Connector

    • A traceback due to an undefined variable in the password synchronization module has been fixed (Bug 33263).


    • The SID synchronization from OpenLDAP to Samba 4 has been fixed. This is used in UCS@school environments (Bug 35626).

    • A locking table has been added to the S4 connector which is used to avoid the synchronisation of incomplete objects (Bug 35391).

    • A synchronization error for the telephone number has been fixed (Bug 31172).

    • The initial group membership sync has been fixed for the case that the group exists on both sides and the group members are different (Bug 33319).

    • Objects which are deleted in Samba 4 are now recursively removed in OpenLDAP (Bug 27290).

    • The sync_mode is now being checked in the post modify membership update functions (Bug 35251).

    • The S4 connector no longer deletes the OpenLDAP domain controller object if the deleted Samba 4 object was a Windows computer (Bug 35563).

    6.10.4. Univention Active Directory Connector

    • A couple of messages have been improved in the UMC wizard (Bug 35602).

    • The determination of the Active Directory language has been fixed. This is needed for the group name mapping (Bug 35572).

    • The password synchronization can now be disabled by setting the UCR variable 'connector/ad/mapping/user/password/disabled' to 'true' (Bug 35895).

    • A connection traceback has been fixed in the AD member mode wizard (Bug 35701).
