Setting up Zentyal 3.0 as a PDC documentation

[benronlund]

I've made a bit of documentation/quick start guide to set up a PDC using Zentyal 3.0. I focused on joining a Windows XP client to run Remote Server Administration Tools, Group Policy Management Console and included links to set up IIS 5.0 and WSUS SP2.

I'd also appreciate any feedback you could give me. I might even make a YouTube video if I thought it might end up in the documentation or at least become linked to.

[ichat]

Hi,

First of all let me apologize for not reading the entire document before replying.

but there are a few things i would like to point out and ask your opinion about,

Would you be willing to post this document to the zentyal wiki's   as it looks quite clear and helpfull,
i think that many users would appreciate it being in an online format instead of having to open a docx. 
i have tried to open this with Libre Office and it works,  but being able to point to an online source (specially in these forums) can be really help full.
Also in your document you explain how to setup  wsus3 on an xp client,   yet i have my doubts if in fact this is legal (due to ms licensing issues) have you checked this? 

for the rest i would really like to say  thanks for creating this doc. 


 

[benronlund]

Thanks ichat for responding and bringing up some issues you found. I'm not 100% sure whether the WSUS update requires a Server License but I do make a couple of assumptions that make me feel safe enough to use it (at least in a personal environment). I would call Microsoft Support before installing this in a commercial production environment just to be safe.

• Windows Server Update Services WSUS is just a downloadable update and Microsoft even say that here: http://support.microsoft.com/kb/972455.
• No other Microsoft Desktop product is able to install this update so I assume this is intended for this environment.
• The presence of other Networking Administration tools like IIS and Group Policy Management Console lead me to believe that this OS was intended be a business product just not a corporate product (Distributed File System won't work with XP, you'll need an actual Microsoft Server).

Unfortunately I also noticed that it's a prerequisite that IIS 6.0 be installed as well, Microsoft XP x32 only comes with 5.1, while Microsoft XP x64 comes with 6.0 Other than this prereq. all other requirements are met. I'm not sure whether this would work or not without it (the web interface might only be for people to download their updates manually themselves, you normally set updates through Group Policy Management Console).

PS. Does anybody know if DFS could be set up on Zentyal and managed using XP or even Zentyal, this seems to be a feature that cannot be imitated by Linux to my knowledge.

[ichat]

DFS, as managed by a windows xp machine via the MS tools, is purely a windows thing,   but that doesn't mean that there are no valid linux alternatives. like (grayhole: https://github.com/gboudreau/Greyhole/wiki)  or more advances things like  btrfs and zfs...  all witch are basically still  not really  enterprise ready on linux...

i do feal that at some point features like this could be added to zentyal,  but there might be more urgent things to add. 

also browsing the internet i found the tool call    wsus offline update,  witch basically is a tool to collect and install updates via a bunch of scrips,  sadly enought there used to be a basic linux version as well  witch got discontinued for lack of a maintainer,

from from my personal perspective this tool running on a windows host to download and generate the scripts could be a usefull (yet not perfect) alternative,  if use of the real wsus is resticted.

a better option would be for someone  to get in touch with these guys  and talk about a  nice webbased version of this tool,  so that we could actually include it, and host it on a zentyal server completely.

 for those interested the update tool can be found [here] and the folders where the actuall updates reside can still be on zentyal's samba...  and the update scripts can also be enforce via a GP...  just the downloaders and settings tool has to run on a windows pc.

[Escorpiom]

Nice one. If you can actually get those attachments, which I, for some unknown reason, can't.

Another vote for running wsus offline from a samba share, doing that for a while and it works wonders.

Cheers.

[ichat]

@escorpoim,

in the past there you used to be .sh scripts to download al these updates for a linux box, but do to lack of support  that project stalled,  as they ar looking for people to support such a feature, we may want to help them find some one to have a look at it...

if there could be a webbased implementation of thair tool, to configure and download these updates,  it could even be a valuable  module for zentyal users with windows clients...

[Escorpiom]

Yes ichat, that looks like a fantastic idea, to make a Zentyal module out of wsusoffline.
A lot of people would have Windows clients so it seems like a worthy addition.

I'm going to write the author to see what he thinks about it.

Cheers.

[jammin]

Thanks benronlund for your right up, this helped with my first setup/trial of zentyal with samba4.

Couple things to note and perhaps help for your next update of your documentation.

 -  i found your steps of the "Initial Configuration Wizard" a bit light so i suggest this write up as a reference or borrow the pictures
       http://doc.zentyal.org/en/installation.html#initial-configuration

 - When doing the "Initial Configuration Wizard" ensure the "host domain name" you enter reflects the domain-name with the .lan (or similar) at the end - as i had trouble joining the domain if the kerbos realm and samba domain did not match.

 - if you've set everything up correctly, there is no need to do the .reg hack as zentyal 3.0 uses samba4 - eg is an Active Directory member. the .reg hack was for connecting to samba3 type servers.

 - I've now installed and got a windows 8 pro (effectively the same as win7) computer to connect to the domain without the .reg hack
     -- TIP: i configured the dns of the windows 8 machine to go through the samba server.

 - perhaps add some links to the Microsoft site for downloading the admin packs.
     win8 remote server admin tools - http://www.microsoft.com/en-au/download/details.aspx?id=28972
     - NOTE: for win8 ensure En-US language pack is installed for this to install (via control panel)
     win7 remote server admin tools(sp1) - http://www.microsoft.com/en-au/download/details.aspx?id=7887
     Group Policy Mgmt tools (GPMC) - http://www.microsoft.com/en-au/download/details.aspx?id=21895

ok, while a bit off topic, there is also some nice write ups on the samba website for connecting/managing and also converting old samba3 domains and computers to samba4.
https://wiki.samba.org/index.php/Samba4/videos
https://wiki.samba.org/index.php/Samba4/HOWTO#Migrating_an_Existing_Samba3_Domain_to_Samba4

[jammin]

if there could be a webbased implementation of thair tool, to configure and download these updates,  it could even be a valuable  module for zentyal users with windows clients...

personally in the past I've just installed a transparent web-cache like squid (or zentyals HTTP Proxy (Cache and Filter) should suffice) with sufficient cache size, after the initial download all the other pc's in the network will just use the cache copy 

only thing this doesn't really give you is the granularity in choosing what updates are rolled out to the network. as you'll just set all the pcs to do automatic updates.

[benronlund]

thanks jammin
I appreciate your reply and suggestions on my documentation. I wasn't sure whether or not you needed the registry hack but I always applied it just to be safe. I'm abit busy at the moment with assignments due in less than a month but I hope to get it all done before then and add screenshots as well as explore the other modules.

Questions 1
Which format should I publish it in? I was thinking of just putting it in a webpage so that people could literally just browse to it in the attachments.

Question 2
I was thinking about the whole web cache thing how much would be sufficient?

[jammin]

Questions 1
Which format should I publish it in? I was thinking of just putting it in a webpage so that people could literally just browse to it in the attachments.

html is an excellent format for openess, ichat mentions in his post at the start about adding it to the "Zentyal Wiki" which i believe is found here: http://trac.zentyal.org/wiki/Documentation/Community
you only require a valid forum login to update it, and some Zentyal 3 content would be great.
It also, may get incorporated/linked by official zentyal docs if found useful.

Question 2
I was thinking about the whole web cache thing how much would be sufficient?

this will depend on many things.
 - what OS's your supporting. (eg winXp, Win7, Win8) As each OS will have their own Updates, then you have the 386 and x64 variants
 - How far back in updates you want to support. eg winXP pre SP1 and all updates to current?

Personally, 10-20gb aside will be heaps, if you can spare more just bump it up further, as it will also transparently cache other websites/etc. You'll find most machines will be at a similar level of updates, so you only really ever need to cache the most recent updates. Once the cache is full it drops off the oldest/least used file and will have to download it again at that point - e.g. A fresh install which needs to get old updates that are no longer held in the cache.

p.s. make sure that your maximum cache file size is adjusted to ~300mb (so it caches service packs etc)

[ichat]

if you want to add it to zentyal documentation..  i think  wiki  would be prefered as that would be the place where we want to start building more information,

offcoures also providing it in doc  html or pdf  doesn't hurt...

about the  wsus-offline-tool  versus,  squid cash,   with wsus ofline its even possible to  select for witch software you would like to download all the updates...  sadly enought thre is not  'allow'  'disallow'  feature for specific updates. 

but if we try to work with the guys now running the project, we might be able to suggest, some  improvements, and someone might be able to pick it up...  and everybody could win.

where squid cash only ever looks at what has been downloaded befor, and until you run out off storage,  saves you having to download it again   - even those tools that only download once  like an  SDK or deployment.iso  (also hosted on  download.ms.com   

[Escorpiom]

Hi springing,

The attachment issue has since been resolved by Zentyal staff. It was related to my account permission settings.
Anyway, I have uploaded the doc to Mediafire so anybody could get it.

Code: [Select]

http://www.mediafire.com/view/?wurza9rb1f615d0
Don't worry, Zentyal does work as does Samba, it just takes some reading. Take it from a Linux n00b 

Cheers.