Table of Contents
With Univention Corporate Client 2.0 the first major release update of Univention Corporate Client (UCC) is now available. It provides several improvements and bugfixes:
The underlying Ubuntu base has been updated to Kubuntu 14.04. Consequently, a great deal of software components have been renewed: KDE 4.13, Linux kernel 3.13, Libreoffice 4.2.3, Xorg 15. All the Univention packages imported from UCS have been updated to the version of UCS 3.2-2.
The initial configuration of Univention Corporate Client is now performed via a wizard in the Univention Management Console. This considerably simplifies the initial setup. In addition, the UCC images can now be administrated in their own UMC module.
Support for operating xrdp terminal services has been integrated: A KDE Linux desktop is provided via the RDP protocol. In addition to access from UCC thin clients, this also allows access from Windows or MacOS X computers. The RDP access is very bandwidth efficient.
For licensing reasons, it is not possible to distribute the Citrix Receiver with UCC. The installation is now integrated in the Univention Management Console setup wizard, reducing the installation efforts to just a few clicks.
A great number of improvements have been made to the UCC image build system, and as such the generated images are now smaller in size, among other things.
UCC now also supports the rollout of systems in the UEFI boot standard.
The operation of UCC systems with an encrypted hard drive has been considerably facilitated; the corresponding option can now be configured easily in the Univention Management Console.
UCC systems can now be configured to avoid PXE boots and start directly from their local storage. This reduces the bootup time.
The configuration of UCC systems has been simplified; print servers, CIFS home shares and proxy settings can now be centrally configured through policies.
UCC now uses NeutrinoRDP as its standard RDP client. Among other things, this offers support for multi-monitor operation.
A whole range of bug fixes and smaller improvements have been integrated. UCC can now also be monitored with Nagios, for example.
UCS installations, in which the master domain controller was installed in a release older than 2.3 still use MD5 as the hashing algorithm for the SSL certificates. Later releases use SHA1 as the hashing algorithm. UCC clients cannot join a domain still using MD5 hashes. The necessary steps to migrate a UCS domain from MD5 to SHA1 are documented in the Univention Support Database (http://sdb.univention.de/1150).
Switching from one non-root user account to another non-root user account with the
su command doesn't work. Switching to the root account is not affected.
The underlying bug cannot be easily fixed as it would lead to invasive changes. As a
workaround it is possible to first switch to root and then switch to the user account, e.g.
$ su root $ su testuser
More information can be found at https://forge.univention.org/bugzilla/show_bug.cgi?id=30243.
Terminal services based on X11 forwarding are no longer supported. The corresponding Univention Management Console policy still exists, but is now only used by UCC 1.0 systems. This policy will be removed in a subsequent UCC version.
If the user password is changed during the login at the LightDM Login Manager (e.g., because the user option is activated or because a password has expired), the password change is effected via Kerberos. This Kerberos password change is not "visible" for PAM modules executed after authentication. The RDP session script and the PAM module for mounting the home directory via CIFS, however, access the cached password and, as a result, the login fails the first time. The correct password is then available for the second login attempt.
Listed are the changes since UCC 1.0:
kernel/blacklist (Bug 30177).
The apt source for errata updates has been updated for UCC 2.0 (Bug 31150).
/boot). Use /tmp or /ucc_root
for this (the directory with more free space is used) (Bug 31015).
/etc/grub.d/15_ucc has been fixed
(Bug 32631).
/etc/ldap.secret was added to the list of persistent files (Bug 30463). Also add symlink support to
univention-ucc-sync-persistent-files.
/ucc_root have been restricted
(Bug 34671).
/var/lib/univention-client-boot/partition-scripts
directory on all UCS UCC PXE servers
(Bug 34612).
nameserver1 is automatically
set to the new default 127.0.1.1 if the previous value was the UCC 1.0 default
(Bug 34646).
Several improvements and bugfixes were made to the image toolkit:
/usr/share/doc/ucc-image-toolkit/example/ucc-desktop-efi.cfg.gz as an example
configuration for UEFI partitioning (Bug 33978).
Several improvements were made to ucc-image-set-join-information
rdate has been added to the dependencies of
univention-ucc-join. This ensures that the system time is synchronised
correctly (Bug 34869).
ucc/pxe/* variables to all existing PXE
configuration files for UCC clients, e.g. setting ucc/pxe/loglevel changes the loglevel kernel parameter in all
PXE configuration files
(Bug 29904).
/var/lib/univention-client-boot/ldlinux.e32
/var/lib/univention-client-boot/ldlinux.e64
/var/lib/univention-client-boot/syslinux.efi32
/var/lib/univention-client-boot/syslinux.efi64
which enable UEFI-PXE booting by selecting the syslinux.efi64 (or syslinux.efi32) as the "boot_filename" (UDM module "policies/dhcp_boot") (Bug 33978).
/etc/pam.d/lightdm has been split
into a multifile template (Bug 31409).
The Univention Configuration Registry variable description of univention-lightdm has been improved
(Bug 30933). The obsolete Univention Configuration Registry variable
lightdm/wallpaper has been removed (Bug
30426).
lightdm/autologin/user allows the configuration of the user under which
the automatic login should occur. If the variable is unset, a temporary guest user is used as
before (Bug 30617).
ucc-image-add-citrix-receiver) has been created which
integrates the Citrix Receiver into a UCC image; the necessary dependencies are installed
and the Receiver installed afterwards. It is part of ucc-image-toolkit.
(Bug 34452).
citrix/accepteula: If set to true, a
configuration file is added to the user's home which accepts the EULA of Citrix Receiver.
(Bug 34452).
citrix/pulseaudio: If set to true,
the xenapp session script starts the Pulseaudio daemon for the user
(Bug 34227).
rdp/geometry has been fixed. Previously it was
always overriden by the fullscreen setting (Bug 31951).
rdp/additionaloptions now allows setting more options (Bug 31717).
rdp/checktls has been renamed to
rdp/tlsencryption. The handling of the Univention Configuration Registry variable
rdp/ignorecertificate has been fixed (Bug
34874).
.kde-cache in the user's
home directory instead of /var/tmp/kdecache-*. This prevents filling up
the /var partition on terminal servers with many users Bug 31863).
ram* and loop* devices are now ignored (Bug 30468).
krb5.conf config file now also supports the
dns_lookup_kdc option (Bug 32080).
ucc/nss/update/force to true
(Bug 31864).
ldap-passwd-to-file.py has been fixed (Bug 32958).
ucc/proxy/http configures the URL of the proxy server and
ucc/proxy/autoconfig/url the URL of the proxy PAC (Bug 31905, Bug 32580)
ucc/mount/cifshome/server, ucc/mount/cifshome/share and
ucc/mount/cifshome/options (Bug 32057).
ucc/cups/server allows to configure Cups server(s) (Bug 32056, Bug 32515). After
connection timeouts to a Cups server, a reconnect is now performed (Bug 30911).
ucc/apt/ID (whereby "ID"
can be anything) are written to the file /etc/apt/sources.list.d/ucc.list
(Bug 30748).
Several improvements were made to univention-ucc-software-update
univention-ucc-prune-old-kernel-packages (Bug 32166, Bug 31012).
univention-ucc-software-update can now be forced with
the new option --force (Bug 32296).