Author Topic: Joining Zentyal 3 to existing active directory domain.  (Read 17813 times)

half_life

  • Bug Hunter
  • Zen Hero
  • *****
  • Posts: 867
  • Karma: +59/-0
Re: Joining Zentyal 3 to existing active directory domain.
« Reply #15 on: September 25, 2012, 09:50:33 pm »
I will be testing this over the weekend in a testbed.  I will post my results back here Monday.

browley

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +1/-0
Re: Joining Zentyal 3 to existing active directory domain.
« Reply #16 on: September 25, 2012, 10:22:26 pm »
Adding my $.02 here.  I am in the beginning steps of getting it added just to prove it out.  Note: this was a fresh install and I never got around to enabling the samba module via the dashboard.  First step was to go into /etc/hosts and add both the existing 2003 DC and my IP for the Zentyal box:
Code:
192.168.101.11  win2k3.domain.lan w2k3
192.168.101.112  zentyal.domain.lan zentyal

I then also added the DNS entries in the Zentyal dashboard just in case.  I then ran the following:
Code:
/usr/bin/samba-tool domain join zentyal DC -Uadmin%password

Which reported a successful join.  I was actually shocked, especially since I did not put in the FQDN.  Anyway, it seemed all for naught, as "samba-tool drs showrepl" gives an error that it "Failed to connect host <ip> (<hostname>) on port 135..."  I read somewhere that samba needed to be restarted so I gave the machine a boot.  Upon boot, I checked "samba-tool drs showrepl" again, which was still throwing an error, something like "fails to find CN=NTDS Settings".  A suggested fix, https://lists.samba.org/archive/samba-technical/2011-December/080880.html, had me run the following:
Code:
samba-tool dbcheck --fix

after which I totally started seeing my Windows 2k3 Active Directory objects.  W00t!  Right now when I run showrepl, I keep getting failures.  I'm going to look into it and see what I can find, just wanted to share that I made some progress.
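
The post above joins with a bare host name, then hits "Failed to connect host ... on port 135". A pre-flight pass that checks the name and the reachability of the existing DC before `samba-tool domain join` is run would have surfaced both points first. The script below is an added example for this thread, not code from the posts, from Samba or from Zentyal: the port list in `DC_PORTS` and the three checks are the example author's assumptions about what an additional-DC join must reach on the existing DC, and `SAMPLE_HOSTS` is a constructed /etc/hosts in the shape of the one posted.

```python
"""Pre-flight checks before running `samba-tool domain join <realm> DC`.

Added example for this thread; not code from the forum posts, from Samba
or from Zentyal. DC_PORTS and the checks are the example author's
assumptions; SAMPLE_HOSTS is constructed after the /etc/hosts posted.
"""
import socket

# Assumption: services an additional-DC join contacts on the existing DC.
# 135 is the RPC endpoint mapper that `samba-tool drs showrepl` also needs.
DC_PORTS = {53: "dns", 88: "kerberos", 135: "epmap", 389: "ldap",
            445: "smb", 464: "kpasswd"}

# Constructed sample, same shape as the /etc/hosts entries in the post.
SAMPLE_HOSTS = """\
127.0.0.1        localhost
192.168.101.11   win2k3.domain.lan w2k3
192.168.101.112  zentyal.domain.lan zentyal
"""


def parse_hosts(text):
    """Parse /etc/hosts text into {name: ip}; first mapping of a name wins."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


def tcp_open(host, port, timeout=2.0):
    """Real connectivity probe; preflight() lets callers inject a fake one."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(my_fqdn, my_ip, dc_fqdn, hosts_text, probe=tcp_open):
    """Return a list of problems; an empty list means the join can be attempted."""
    problems = []
    hosts = parse_hosts(hosts_text)
    # 1. Join as the FQDN, not a bare host name, so the objects and DNS
    #    records created for this host carry the right name.
    if "." not in my_fqdn:
        problems.append("hostname %r is not fully qualified" % my_fqdn)
    # 2. Our own FQDN must resolve locally to our LAN address, not to
    #    127.0.1.1 or to nothing: Samba registers what it resolves.
    if hosts.get(my_fqdn.lower()) != my_ip:
        problems.append("/etc/hosts does not map %s to %s" % (my_fqdn, my_ip))
    # 3. The existing DC must be resolvable and answering on every port used.
    dc_ip = hosts.get(dc_fqdn.lower())
    if dc_ip is None:
        problems.append("/etc/hosts has no entry for %s" % dc_fqdn)
        return problems
    for port, svc in sorted(DC_PORTS.items()):
        if not probe(dc_ip, port):
            problems.append("%s not reachable: %s:%d" % (svc, dc_ip, port))
    return problems


if __name__ == "__main__":
    # Run on the joining box against its real /etc/hosts.
    for p in preflight("zentyal.domain.lan", "192.168.101.112",
                       "win2k3.domain.lan", open("/etc/hosts").read()):
        print("PROBLEM:", p)
```

The probe is injectable so the logic can be exercised without a network; in production the default `tcp_open` is used and a refused port 135 or 389 shows up before the join, rather than as a replication error afterwards.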

browley

  • Zen Apprentice
  • *
  • Posts: 17
  • Karma: +1/-0
Re: Joining Zentyal 3 to existing active directory domain.
« Reply #17 on: September 26, 2012, 12:28:51 am »
Checking back in before I head out of work.  Basically, at this point, the DNS from the Windows 2k3 server is failing to connect to the Zentyal box.  I've tried the Samba4 install with vanilla bind and remember it being a pain.  That said, with Zentyal in the mix, I have a feeling it will be a little bit more difficult setting both up to play nice.  Right now, I'd be referencing this step: http://wiki.samba.org/index.php/Samba4/HOWTO#Configure_.2Fetc.2Fresolv.conf

So, I have set up the bare minimum for DNS via the dashboard and now am trying to get the SRV records from above straightened out.  For example:

Code:
$ host -t SRV _ldap._tcp.zentyal.domain.lan
_ldap._tcp.zentyal.domain.lan has SRV record 0 100 389 zentyal.domain.lan.

EDIT:
Think I found the file that needs to update DNS: it's /usr/share/samba/setup/dns_update_list.  So basically, those entries need to be added dynamically to Zentyal's DNS in order for everything to be happy.  So, @Zentyal coders, how can we accomplish this?  In other words, can something be done where the bind.conf.mas startup file is modified to include these entries?  Could it be flushed every time a computer/user is added/modified?  This is starting to get a little too deep into the coding for me to know what to do.  Thanks in advance.

« Last Edit: September 26, 2012, 12:36:50 am by browley »
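
The post above identifies the right mechanism: a DC publishes the records listed in dns_update_list, and clients find the DC through them, so every one that is missing from the zone is a Kerberos or LDAP discovery failure waiting to happen. The script below is an added example and is not code from the thread, from Samba or from Zentyal: `SAMPLE_TEMPLATE` is a constructed excerpt in the same shape as that file (record type, name, target, port, with `${VAR}` placeholders), the variable names in `SAMPLE_VARS` and the GUID value are assumptions, and `SAMPLE_OBSERVED` is a constructed set of `host` answer lines. It expands the template for a given DC, parses `host -t` output such as the SRV query shown, and prints the records still missing as zone-file lines.

```python
"""Expand a dns_update_list-style template into the DNS records a DC must
publish, and diff it against what the zone actually serves.

Added example; not code from the thread, from Samba or from Zentyal. The
template, variable names, GUID and observed answers are constructed.
"""
import re

VAR = re.compile(r"\$\{(\w+)\}")

# Constructed excerpt in the shape of /usr/share/samba/setup/dns_update_list.
SAMPLE_TEMPLATE = """\
# type  name                                  target       port
A     ${HOSTNAME}
A     ${DNSDOMAIN}
SRV   _ldap._tcp.${DNSDOMAIN}                 ${HOSTNAME}  389
SRV   _ldap._tcp.dc._msdcs.${DNSDOMAIN}       ${HOSTNAME}  389
SRV   _ldap._tcp.${SITE}._sites.${DNSDOMAIN}  ${HOSTNAME}  389
SRV   _kerberos._tcp.${DNSDOMAIN}             ${HOSTNAME}  88
SRV   _kerberos._udp.${DNSDOMAIN}             ${HOSTNAME}  88
SRV   _kpasswd._tcp.${DNSDOMAIN}              ${HOSTNAME}  464
SRV   _gc._tcp.${DNSDOMAIN}                   ${HOSTNAME}  3268
CNAME ${NTDSGUID}._msdcs.${DNSDOMAIN}         ${HOSTNAME}
"""

# Assumed variable names; the NTDS GUID is a placeholder value.
SAMPLE_VARS = {"HOSTNAME": "zentyal.domain.lan", "DNSDOMAIN": "domain.lan",
               "IP": "192.168.101.112", "SITE": "Default-First-Site-Name",
               "NTDSGUID": "11111111-2222-3333-4444-555555555555"}

# Constructed `host` output: what the zone answers before the fix.
SAMPLE_OBSERVED = """\
zentyal.domain.lan has address 192.168.101.112
domain.lan has address 192.168.101.112
_ldap._tcp.domain.lan has SRV record 0 100 389 zentyal.domain.lan.
_kerberos._tcp.domain.lan has SRV record 0 100 88 zentyal.domain.lan.
"""


def _norm(name):
    return name.lower().rstrip(".")


def expand(template, variables):
    """Substitute ${VAR}s and return the set of records the DC must publish."""
    records = set()
    for raw in template.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = VAR.sub(lambda m: variables[m.group(1)], line).split()
        rtype = f[0].upper()
        if rtype == "A":  # A records point at the DC's own address
            records.add(("A", _norm(f[1]), variables["IP"]))
        elif rtype == "SRV":
            records.add(("SRV", _norm(f[1]), _norm(f[2]), int(f[3])))
        elif rtype == "CNAME":
            records.add(("CNAME", _norm(f[1]), _norm(f[2])))
        else:
            raise ValueError("unsupported record type: " + raw)
    return records


HOST_SRV = re.compile(r"^(\S+) has SRV record (\d+) (\d+) (\d+) (\S+)$")
HOST_A = re.compile(r"^(\S+) has address (\S+)$")
HOST_CNAME = re.compile(r"^(\S+) is an alias for (\S+)$")


def parse_host_output(text):
    """Turn `host -t ...` answer lines into the same tuple shape as expand()."""
    seen = set()
    for line in text.splitlines():
        line = line.strip()
        if (m := HOST_SRV.match(line)):
            seen.add(("SRV", _norm(m.group(1)), _norm(m.group(5)), int(m.group(4))))
        elif (m := HOST_A.match(line)):
            seen.add(("A", _norm(m.group(1)), m.group(2)))
        elif (m := HOST_CNAME.match(line)):
            seen.add(("CNAME", _norm(m.group(1)), _norm(m.group(2))))
    return seen


def missing(expected, observed):
    """Records the DC needs that the zone does not serve, in stable order."""
    return sorted(expected - observed, key=str)


def zone_lines(records, priority=0, weight=100):
    """Render records as BIND zone-file lines that could be added to the zone."""
    out = []
    for rec in sorted(records, key=str):
        if rec[0] == "A":
            out.append("%s. IN A %s" % (rec[1], rec[2]))
        elif rec[0] == "SRV":
            out.append("%s. IN SRV %d %d %d %s." % (rec[1], priority, weight, rec[3], rec[2]))
        else:
            out.append("%s. IN CNAME %s." % (rec[1], rec[2]))
    return out


if __name__ == "__main__":
    gap = missing(expand(SAMPLE_TEMPLATE, SAMPLE_VARS),
                  parse_host_output(SAMPLE_OBSERVED))
    print("\n".join(zone_lines(gap)))
```

To use it against a live zone, pipe the output of `host -t SRV`, `host -t A` and `host -t CNAME` queries for each expected name into `parse_host_output` instead of `SAMPLE_OBSERVED`; the printed lines are what the DC expects the zone to hold, and the `_sites` and `_msdcs` names are the ones most often forgotten when records are added by hand.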

ccarpenter

  • Zen Monk
  • **
  • Posts: 60
  • Karma: +0/-0
Re: Joining Zentyal 3 to existing active directory domain.
« Reply #18 on: September 28, 2012, 02:44:32 am »
Well, another update. I'm not really sure how it happened, but the realm finally changed to be test.lan instead of the default zentyal-domain.lan!!!! Curious, because I haven't done anything different, besides re-installing Ubuntu and adding the Zentyal sources again. Maybe there was an update since I last tested? Anyway, I now have the same issue as the guy in this thread:
http://forum.zentyal.org/index.php/topic,12175.0.html

It will sync my users and groups but only from the default User OU and not from my OU that I created and my users are in. Does anyone have a solution for this?

FarquahrWindsor

  • Guest
Re: Joining Zentyal 3 to existing active directory domain.
« Reply #19 on: September 28, 2012, 09:48:24 am »
http://wiki.samba.org/index.php/Samba4/Releases/4.0.0beta8

If you are trying this in production I would warn against it.

It's been such a long wait for the Samba4 binary that I, like many others, am itching to get it employed.
I have been hounding Zentyal and, with much credit to the devs, they are one of the foremost early adopters, as it looks like the Resara initiative has died a death, and then there are only two others, I think.

Beta8 is not NetBIOS browseable and it's hard to reconfigure; even with RC1 there are still DNS replication problems.

So it might be wise to provide the LDAP sync as well, in the manner of 2.2.

half_life

  • Bug Hunter
  • Zen Hero
  • *****
  • Posts: 867
  • Karma: +59/-0
Re: Joining Zentyal 3 to existing active directory domain.
« Reply #20 on: October 03, 2012, 09:34:29 pm »
I know it is Thursday, not Monday, but I do have good news.  I was able to add a Win2003R2 server (clean install) as an additional DC to an existing Zentyal DC.  Coming soon, the REAL test: adding Zentyal as an additional DC to an existing W2003R2 domain.

FarquahrWindsor

  • Guest
Re: Joining Zentyal 3 to existing active directory domain.
« Reply #21 on: October 03, 2012, 09:54:21 pm »
Would be great to hear back from you, and I know this is a dumb question, but what uses NetBIOS nowadays?

Beta8 doesn't support NetBIOS; it's implemented in RC1, but there are still problems with DRS replication.

I read that you can just rsync sysvol to your member servers; otherwise you might run into problems where group policies are not replicated.

I don't know if Samba pushes or pulls the replication; I guess it's PDC to member servers. It is M$ though, so it might be both ways.

Interested to hear how you get on with browsing the network and group policies.
« Last Edit: October 03, 2012, 09:56:30 pm by FarquahrWindsor »

jsalamero

  • Zentyal Staff
  • Zen Hero
  • *****
  • Posts: 1419
  • Karma: +45/-1
Re: Joining Zentyal 3 to existing active directory domain.
« Reply #22 on: October 07, 2012, 09:30:56 am »
Just to let you know that I tried this with Samba4 RC2 and zentyal-samba 3.0.2 and it works fine.

typ6ojiocb

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +1/-0
Re: Joining Zentyal 3 to existing active directory domain.
« Reply #23 on: October 10, 2012, 05:04:51 am »
I have trouble joining an existing AD :(
I changed .local as in this post: http://forum.zentyal.org/index.php/topic,12196.msg49930.html#msg49930
Next, I go to "File Sharing", select Additional Domain Controller, put values into the fields and save changes, start the file sharing module, and get an error starting DNS. In the dashboard I see that the file sharing module is not running; I press the "start" button and see the message "Error restarting service File Sharing. See /var/log/zentyal/zentyal.log for more information."
/var/log/zentyal/zentyal.log:
Quote
INFO> Service.pm:716 EBox::Module::Service::restartService - Restarting service for module: samba
2012/10/04 11:21:58 INFO> Samba.pm:822 EBox::Samba::__ANON__ - Joining to domain 'PVK.LOCAL' as DC
2012/10/04 11:22:00 ERROR> Samba.pm:855 EBox::Samba::__ANON__ - Error joining to domain: Failed to connect to ldap URL 'ldap://ubuntu5.pvk.local' - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED
 Failed to connect to 'ldap://ubuntu5.pvk.local' with backend 'ldap': (null)
 ERROR(ldb): uncaught exception - None
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 160, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 256, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1057, in join_DC
     machinepass, use_ntvfs, dns_backend, promote_existing)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 82, in __init__
     credentials=ctx.creds, lp=ctx.lp)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 56, in __init__
     options=options)
   File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 114, in __init__
     self.connect(url, flags, options)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 71, in connect
     options=options)
2012/10/04 11:22:00 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2012/10/04 11:22:01 INFO> DNS.pm:87 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2012/10/04 11:22:04 ERROR> Service.pm:721 EBox::Module::Service::__ANON__ - Error restarting service: Error joining to domain: Failed to connect to ldap URL 'ldap://ubuntu5.pvk.local' - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED
 Failed to connect to 'ldap://ubuntu5.pvk.local' with backend 'ldap': (null)
 ERROR(ldb): uncaught exception - None
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 160, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 256, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1057, in join_DC
     machinepass, use_ntvfs, dns_backend, promote_existing)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 82, in __init__
     credentials=ctx.creds, lp=ctx.lp)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 56, in __init__
     options=options)
   File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 114, in __init__
     self.connect(url, flags, options)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 71, in connect
     options=options)
2012/10/04 11:22:04 ERROR> RestartService.pm:67 EBox::CGI::SysInfo::RestartService::__ANON__ - Restart of File Sharing from dashboard failed: Error joining to domain: Failed to connect to ldap URL 'ldap://ubuntu5.pvk.local' - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED
 Failed to connect to 'ldap://ubuntu5.pvk.local' with backend 'ldap': (null)
 ERROR(ldb): uncaught exception - None
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 160, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 256, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1057, in join_DC
     machinepass, use_ntvfs, dns_backend, promote_existing)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 82, in __init__
     credentials=ctx.creds, lp=ctx.lp)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 56, in __init__
     options=options)
   File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 114, in __init__
     self.connect(url, flags, options)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 71, in connect
     options=options)

What must I do?

r27

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
Re: Joining Zentyal 3 to existing active directory domain.
« Reply #24 on: November 11, 2012, 04:57:42 am »
Can anybody help with this? I have the same error, can't join Zentyal to AD. Tried everything I found around.

2012/11/10 22:46:05 INFO> GlobalImpl.pm:604 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall samba dns logs
2012/11/10 22:46:05 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: firewall
2012/11/10 22:46:06 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: samba
2012/11/10 22:46:07 INFO> Samba.pm:943 EBox::Samba::__ANON__ - Joining to domain 'test.local' as DC
2012/11/10 22:46:22 ERROR> Samba.pm:980 EBox::Samba::__ANON__ - Error joining to domain: Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[402] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[804] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[1206] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[1608] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[2010] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[2412] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[2814] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[3216] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[3618] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[3763] linked_values[0]
 Analyze and apply schema objects
 Partition[CN=Configuration,DC=test,DC=local] objects[402] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[804] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[1206] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[1608] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[2010] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[2412] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[2771] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[2932] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[3096] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[3270] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[3445] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[3724] linked_values[0]
 Failed to apply records: Failed to find GUID for (null): Invalid DN syntax
 Failed to commit objects: WERR_GENERAL_FAILURE
 ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT_STATUS_UNSUCCESSFUL
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 168, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 555, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1090, in join_DC
     ctx.do_join()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 995, in do_join
     ctx.join_replicate()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 733, in join_replicate
2012/11/10 22:46:22 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2012/11/10 22:46:22 WARN> DNS.pm:1762 EBox::DNS::switchToReverseInfoData - Domain 'test.local' already mapped to IP group '1.168.192', domain test.local skipped
2012/11/10 22:46:24 ERROR> GlobalImpl.pm:642 EBox::GlobalImpl::__ANON__ - Failed to save changes in module samba: Error joining to domain: Schema-DN[CN=Schema,CN=Configuration,D$
« Last Edit: November 11, 2012, 05:02:19 am by r27 »