UCC 3.0 release notes

Release notes for the installation and update of Univention Corporate Client (UCC) 3.0

Table of Contents

1. Release highlights
2. Preparation of update
3. Postprocessing of the installation
4. Notes on selected packages
4.1. Citrix support in UCC 3
4.2. Removal of CIFS home mount package with UCC 3
4.3. RDP logins and PAM home mounts after a password change at LightDM
4.4. Removal of XRDP terminal server
5. Changelog
5.1. General
5.2. System boot / initial ramdisk
5.3. Image roll-outs and image updates
5.4. UCS domain integration
5.4.1. Univention Management Console integration
5.4.2. UCC installation wizard
5.5. UCC standard images
5.5.1. General
5.5.2. UCC thin client image
5.6. Terminal sessions
5.6.1. Citrix
5.6.2. Firefox
5.6.3. RDP
5.7. Client management

§Chapter 1. Release highlights

With Univention Corporate Client (UCC) 3.0 the second major release update of Univention Corporate Client is now available. It provides several improvements and bugfixes:

  • The Ubuntu base has been updated to version 16.04. A large part of available software components are renewed: Unity 7.4, Linux Kernel 4.4, LibreOffice 5.1.4. All Univention packages imported from UCS have been updated to the version of UCS 4.1

  • The default Desktop is now Unity, which allows us to provide maintenance of 5 years for UCC 3.0.

  • UCC desktops are now available as 64-Bit images. Thin client images are still available as 32-Bit.

  • Clients report their currently installed image to the UCS management system. This allows to easily search for clients which use outdated images.

  • Clients check and update their position in the UCS LDAP. The move of a computer object now does not require a client rejoin.

  • Images for 32- and 64-Bit architecture images can be build on UCS servers that are using 64-Bit architecture.

  • Thin clients update their client policies persistently upon booting, which increases robustness in case the LDAP server is not reachable during boot time.

  • The RDP and Firefox session scripts can be configured to add additional program parameters, or to execute arbitrary commands, including the possibility to change the program binary.

  • It is possible to activate the custom start script feature. This offers the possibility to sync scripts and other files from the image server and execute them at boot time.

§Chapter 2. Preparation of update

Due to the switch from 32-Bit to 64-Bit architecture in the UCC desktop image, clients are required to boot via PXE for the image update to work.

§Chapter 3. Postprocessing of the installation

UCS installations, in which the master domain controller was installed in a release older than 2.3 still use MD5 as the hashing algorithm for the SSL certificates. Later releases use SHA-1 as the hashing algorithm. UCC clients cannot join a domain still using MD5 hashes. The necessary steps to migrate a UCS domain from MD5 to SHA-1 are documented in the Univention Support Database (SDB 1150).

§Chapter 4. Notes on selected packages

§4.1. Citrix support in UCC 3

Prior to the release we worked together with Citrix to support Citrix environments in UCC 3. In these tests we found issues regarding USB device support with the Citrix Receiver and UCC 3. A Citrix Receiver update is required to fix these issues. After the update has been released, we will provide an Errata Update for UCC 3. Until then, the Citrix session does not support all documented features.


Update 2016-10-17: With Citrix Receiver 13.4, UCC 3.0 was successfully verified as Citrix Ready. The update is provided via Errata Updates and is also preinstalled in updated UCC 3.0 images, which can be downloaded in the UCC Images module.

§4.2. Removal of CIFS home mount package with UCC 3

With the release of Univention Corporate Client 3.0 the package univention-ucc-cifshome-pam-mount has been removed due to stability and performance issues in medium and large environments. The custom start scripts feature allows administrators to build similar features if they desire.

§4.3. RDP logins and PAM home mounts after a password change at LightDM

If the user password is changed during the login at the LightDM Login Manager (e.g., because the Change password on next login user option is activated or because a password has expired), the password change is effected via Kerberos. This Kerberos password change is not "visible" for PAM modules executed after authentication. The RDP session script and the PAM module for mounting the home directory via CIFS, however, access the cached password and, as a result, the login fails the first time. The correct password is then available for the second login attempt.

§4.4. Removal of XRDP terminal server

As announced with UCC 2.1, the XRDP UCC terminal services have been removed in UCC 3.0.

§Chapter 5. Changelog

Listed are the changes since UCC 2.1:

§5.1. General

  • The UCS packages imported in UCC were updated to the versions in UCS 4.1-2. Patches applied to UCC 2.0 were migrated to UCC 3.0 (if applicable) (Bug 41421)
  • The UCC 3.0 release name is Wuemme (Bug 41902)
  • UCC now uses a slightly updated product logo (Bug 41106)

§5.2. System boot / initial ramdisk

  • Directory policies are now applied during the image boot and rollout (Bug 41427).
  • The script univention-ucc-force-rw-boot has been added to configure a UCC client to boot in read-write mode (Bug 41427).
  • The OverlayFS mount directory structure and mount options have been adapted to the current OverlayFS version (Bug 41526).
  • There is no continuous network connection from initramfs to NetworkManager start (Bug 41599).
  • The InitRD now verifies that the LDAP DN of the computer object matches the ldap/hostdn of the client, and updates it, if necessary (Bug 35411).

§5.3. Image roll-outs and image updates

  • Partitions that are created during rollout are now aligned using parted optimal align option (Bug 41787).

§5.4. UCS domain integration

§5.4.1. Univention Management Console integration

  • A new attribute Current image has been added to UCC clients. This non-editable attribute holds the currently installed image of client and is updated by the client during installation and image update (Bug 33783).

§5.4.2. UCC installation wizard

  • Rephrased weirdly worded German translations (Bug 41936).

§5.5. UCC standard images

§5.5.1. General

  • The thin client image configuration has been updated to reflect the Ubuntu 16.04 packages and their dependencies (Bug 41509). The thin client image size is now 1.70GiB (Bug 41509). lxterminal is not replaced by xterm anymore (Bug 41509).
  • univention-ucc-fetch-system-policies now logs its start time (Bug 41212).
  • All upstart init script have been migrated to systemd services (Bug 41788).
  • Predictable network interface names are deactivated by default, legacy naming such as eth0 is used (Bug 41602).
  • The Univention Configuration Registry ldap/client/retry/count is set to 0 by default (Bug 41998).

§5.5.2. UCC thin client image

  • Two new Univention Configuration Registry variables have been introduced, ucc/mount/blacklist to configure a space-separated list of device names which are not mounted (by default the list includes the full partition devices sda sdb sdc sdd sde) and ucc/mount/blacklist/disable to disable the blacklisting. The Univention Configuration Registry variable ucc/mount/fullpartition has been removed. If ucc/mount/fullpartition was used, the old behavior can be restored by setting the Univention Configuration Registry variable ucc/mount/blacklist/disable to "true" (Bug 41427).

§5.6. Terminal sessions

§5.6.1. Citrix

  • Various hooks (run-parts) have been added to the XenApp session script (Bug 41427).

    • /usr/share/univention-ucc-session-xenapp/hooks/top.d/ - start of the session script
    • /usr/share/univention-ucc-session-xenapp/hooks/pre-firefox.d/ - before starting Firefox
    • /usr/share/univention-ucc-session-xenapp/hooks/post-firefox.d/ - after Firefox finished
    • /usr/share/univention-ucc-session-xenapp/hooks/bottom.d/ - end of the session script

  • The gstreamer dependencies of univention-ucc-session-xenapp have been updated (Bug 41528).
  • Citrix Receiver has been updated to version 13.3 (Bug 41507).
  • lxsession-logout was added as a dependency to univention-ucc-lxde (Bug 41604).
  • Dynamic Client Drive Mapping has been enabled for the XenApp session (Bug 37928).

§5.6.2. Firefox

  • Support for customizing the session command has been added (firefox/session/cmd) (Bug 41427).

§5.6.3. RDP

  • Xmessage has been replaced with zenity for status messages (Bug 41427).
  • Support for customizing the session command has been added (rdp/session/cmd) (Bug 41427).
  • Error message logging has been improved: Errors are now logged into the logfile that is shown in the zenity status message dialog (Bug 41612).
  • An update to neutrinordp fixes crashes due to incorrect bitmap cache handling and within the pulseaudio sound module (Bug 38695), (Bug 39266).

§5.7. Client management

  • The package univention-ucc-cifshome-pam-mount has been removed (Bug 41843).
  • Added the functionality to execute custom start scripts on clients (Bug 41919).