Author Topic: Again: How to join a Windows 7 client to Zentyal Domain installation  (Read 7909 times)

stuartiannaylor

  • Zen Monk
  • **
  • Posts: 67
  • Karma: +1/-6
    • View Profile
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #15 on: December 09, 2012, 06:48:50 pm »
:) Nope had to stop on episode 16. Just got in.

Ok I am doing a fresh install on ubuntu 12.04.1. with current core 3.0.8.

My first attempt was just to setup the networking and then install samba and let it bring in all the modules.

Banged out and it looks like there are apparmour probs like previously suggested.

I am just having a look through the logs.

[actually apparmor just caught my eye but that is just a profile update]

dns updates don't seem to be liked.
Might be that DNS hasn't even been enabled yet.

« Last Edit: December 09, 2012, 07:03:47 pm by stuartiannaylor »

stuartiannaylor

  • Zen Monk
  • **
  • Posts: 67
  • Karma: +1/-6
    • View Profile
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #16 on: December 09, 2012, 07:13:41 pm »
This time installed users&groups so that it brings in dns and ntp.

Enabled all fine rebooted.

Installed samba

enabled same fault dnsupdate not liked.


stuartiannaylor

  • Zen Monk
  • **
  • Posts: 67
  • Karma: +1/-6
    • View Profile
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #17 on: December 09, 2012, 07:30:50 pm »
Same thing again this time disabled apparmor.

sudo /etc/init.d/apparmor stop
sudo /etc/init.d/apparmor teardown
sudo update-rc.d -f apparmor remove

Had a look at my DNS and all seemed Ok apart from the host name dns referenced wan before lan IP.
Deleted wan IP and added it so it became lan first.

2012/12/09 18:25:21 WARN> DNS.pm:1494 EBox::DNS::_launchNSupdate - Cannot contact with named, trying in posthook
2012/12/09 18:25:21 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2012/12/09 18:25:23 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/KMhaW5r168 failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2012/12/09 18:25:23 ERROR> GlobalImpl.pm:642 EBox::GlobalImpl::__ANON__ - Failed to save changes in module samba: root command nsupdate -l -t 10 /var/lib/zentyal/tmp/KMhaW5r168 failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2012/12/09 18:25:23 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2012/12/09 18:25:23 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/8sZGdnRteK failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2012/12/09 18:25:23 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2012/12/09 18:25:25 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/KMhaW5r168 failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2012/12/09 18:25:25 ERROR> GlobalImpl.pm:642 EBox::GlobalImpl::__ANON__ - Failed to save changes in module dns: root command nsupdate -l -t 10 /var/lib/zentyal/tmp/KMhaW5r168 failed.
Error output: update failed: REFUSED

« Last Edit: December 09, 2012, 07:33:42 pm by stuartiannaylor »

stuartiannaylor

  • Zen Monk
  • **
  • Posts: 67
  • Karma: +1/-6
    • View Profile
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #18 on: December 09, 2012, 07:57:21 pm »
Having a look at the temp files its trying to do the following...

zone thursbygarden.org
update delete thursbygarden.org A
update add thursbygarden.org 259200 A 192.168.3.1
update delete zen1.thursbygarden.org A
update add zen1.thursbygarden.org 259200 A 192.168.3.1
update delete thursbygarden.org MX
send

this was with a single static ip (disabled wan) also disabled apparmor !?



If you run the command as root then.

Dec  9 19:11:09 zen1 named[3145]: samba_dlz: starting transaction on zone thursbygarden.org
Dec  9 19:11:09 zen1 named[3145]: samba_dlz: disallowing update of signer=local-ddns, invalid key
Dec  9 19:11:09 zen1 named[3145]: client 127.0.0.1#35217: updating zone 'thursbygarden.org/NONE': update failed: rejected by secure update (REFUSED)
Dec  9 19:11:09 zen1 named[3145]: samba_dlz: cancelling transaction on zone thursbygarden.org

dunno what happened to my normal apparmor disable
sudo /etc/init.d/apparmor stop
sudo /etc/init.d/apparmor teardown
sudo update-rc.d -f apparmor remove

when checked still running.
apt-get remove apparmor and reboot

So same as barry

« Last Edit: December 09, 2012, 08:38:34 pm by stuartiannaylor »

stuartiannaylor

  • Zen Monk
  • **
  • Posts: 67
  • Karma: +1/-6
    • View Profile
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #19 on: December 09, 2012, 08:49:07 pm »
Ok so had to knock apparmor out of the equation.

Make sure clock is updated by zentyal ntp so synced.

Change administrator password.

make sure ntp is synced.

logon with administrator and fqdn domain name

Yeap hey presto.

So when we going to get the apparmor profile sorted?

peter_b

  • Zen Apprentice
  • *
  • Posts: 24
  • Karma: +4/-1
    • View Profile
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #20 on: December 09, 2012, 10:13:00 pm »
Got it finally working. What I did was reinstall everything in expert-mode. When asking for the systemname go back and select manually install networking. Enter your IP, gateway and DNS server. After that enter your systemname (e.g. zentyal) and then your domainname (e.g. mydomain.lan). then proceed as normal, selecting all the modules you want. In the initial setup enter the domainname exactly as you did before. That's it. Now I can join Win7 and WinXP.

My problem was that zentyal did not change the initial domainname (zentyal-domain.lan) to my domainname, so in Samba REALM was still set to zentyal-domain.lan and WORKGROUP to mydomain.
For me this works.

Hope this will help a bit.

Regards Peter.

thorsten

  • Guest
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #21 on: December 10, 2012, 03:27:54 pm »
Hi Peter,

thanks, I already did this - I always install within expert mode, as I do require some special RAID settings ... :-) Of Course, Samba Realm and Domain name are exactly the same, in my case it is (like within zentyal 2.2 before) myname.dyndns.org

Best regards
Thorsten

ian

  • Community Council Member
  • Zen Samurai
  • *****
  • Posts: 296
  • Karma: +10/-1
    • View Profile
    • Familie site
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #22 on: December 10, 2012, 04:25:13 pm »
Hello,

Even afther an installation with option expert mode its still does not work with my 64 bit version of Zentyal release 3.0.8.

Not possible to join a Windows 7 client or an Windows Xp client to my domain.

I think we have to wate untill the ticket is solved.

Best regards,
Ian

thorsten

  • Guest
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #23 on: December 10, 2012, 09:17:28 pm »
Hi

I fear (think) so, too. Anyway,

I am using 64 bit, too. Also I personally found the 64 bit release of version 2.2 to be much more buggy than the 32 bit version.
Stuartiannaylor, what do you use 32 or 64 bit?

I guess, I will give 32 bit a trial - maybe this is less buggy for 3.0.x, too ... What a waste of souped up server hardware - my two processors will die of boredom.  ;D

Best regards
Thorsten

jase

  • Zen Monk
  • **
  • Posts: 71
  • Karma: +2/-0
    • View Profile
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #24 on: December 11, 2012, 09:11:57 pm »
evening

have just installed Zentyal 3.0 64bit on the hp microserver (the install failed on hp ml350 & 370 though) and then attached to the 'zentyal-domain.lan' using a win7 64bit workstation and logged in with a roaming profile, no vm's used in this test. I guess my setup is similar to peter_b who has also got this working, if it's not working why not list your setup options used.


peter_b

  • Zen Apprentice
  • *
  • Posts: 24
  • Karma: +4/-1
    • View Profile
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #25 on: December 12, 2012, 06:58:04 pm »
jase,

It works fine now. The only issue I have is when adding a new user I have to restart the Filesharing module to enable roaming profiles for this new user. But that's not a major problem, I can live with it.

Best regards
Peter.

jase

  • Zen Monk
  • **
  • Posts: 71
  • Karma: +2/-0
    • View Profile
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #26 on: December 12, 2012, 08:48:28 pm »
Peter
thats a new one on me, I don't have that problem, the roaming profiles are roaming (but on zentyal <3.06 from memory, it was not working for me, seemed to be a permission issue on the folder therefore not saving on the server) but I do have the home folder not being automatically mapped which has almost consistently not mapped for me.
regards
jase

thorsten

  • Guest
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #27 on: December 14, 2012, 12:19:57 am »
Hi Jase,

what system options shall I post?  :-X By the way, my problem is exactly described here, too:

http://forum.zentyal.org/index.php/topic,13394.0.html

Best regards
Thorsten

Yes, of course, I get the time from the zentyal NTP

jase

  • Zen Monk
  • **
  • Posts: 71
  • Karma: +2/-0
    • View Profile
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #28 on: December 14, 2012, 09:36:15 am »
morning thorsten
i ended up installing in a VM because i was getting the impression by other posters that zentyal had gone into a phase of not working. the steps taken are broadly noted here: http://forum.zentyal.org/index.php/topic,13171.msg54633.html#msg54633
bear in mind i'm just trying to prove to myself if zentyal works as desired in a basic setup, then progress from there.
from memory the things that i think, were catching me out: set the time zone to a major city in your time zone to make ntp work, must set a fixed ip for zentyal (not dhcp and try to fix later), for win7 to join the domain you use the 'realm' name stated in Zentyal file sharing (as the domain name). i typically use the administrator account (with pass changed) to join the domain, i have not worked out how to make the zentyal dns work in my setup so i put the servers ip address as a dns server on the win7 clients net adapter. i suggest getting it working in a basic mode to prove to yourself it will work then personalize to your needs.
i'm in the office most of the morning, so should be around...


christian

  • Guest
Re: Again: How to join a Windows 7 client to Zentyal Domain installation
« Reply #29 on: December 14, 2012, 10:04:19 am »
DNS setting for clients  :o
This is hopefully provided by Zentyal DHCP server, of course  ;)

I don't understand concerns about DHCP.
Basic set-up would mean, IMHO, that Zentyal's internal NIC is set as "static" so that you can run here DHCP server for internal clients (this will provide, along with IP address, default gateway, domain, search domain, DNS, NTP...)
External NIC can be either fixed IP or DHCP client.