Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - acs

Pages: [1]
1
Hi

I administer 2 zentyal 5.1 servers and seem to have the same issue with both of them.
If I create a share and add existing users to read write access either as a user or group they
dont get access to the share when browsing over a network.

The error is either ' you dont have permission to open the share' or a prompt to enter a different user name and password.
This is on client PC's running both win 7 and 10.

What both these machines have in common is they were upgraded to 5.1 from 5.0.
I'm guessing this is a samba bug.

Has anyone encountered this?

2
When you say Zentyal ins't seeing any computer name, can you clarify what you mean?

Have you used the R-Sat tools?

3
Maybe some help to disable UNC hardening;

Knock up a powershell script with;

New-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths" -Name "\\*\SYSVOL" -Value "RequireMutualAuthentication=0" -Property "String"
New-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths" -Name "\\*\NETLOGON" -Value "RequireMutualAuthentication=0" -Property "String"

enable powershell in settings-update and security-for developers-powershell click allow execution.

run and reboot.

Hope this helps some one.


4
Many thanks for all the replies and pointers chaps!

Hopefully this may help another newbie like me.

Just a quick update;

The issue was caused by UNC hardening which by default is off on win 7 and 8/8.1 but enabled by default on Windows 10.
Once disabled on my win 10 clients the fault went away- However this raises two questions in my mind;

1, It looks like UNC hardening is a security feature so disabling it may not be the best idea.

2, I run quite a few MS domain controllers (Server 2008/sbs2011/server2012) and Win 10 clients with the UNC hardening enabled and have no group policy issues at all. I'm thinking this is maybe a bug in Samba?


Main thing for now is its working.

5
I have three Zentyal 5.1 servers in the field as it were all functioning as DC's. I use the default domain policy with roaming profiles (the roaming profiles was set in the zentyal admin webpage) and a couple of drive maps.

All the PC's are 'joined to the domain'

On windows 7 PC's when regular users log in the roaming profiles and drive maps work perfectly.

However on windows 10 PC's unless the users are administrators (members of the admin and schema admin group) neither the roaming profiles or drive maps work and often it logs in with a temp profile.
A check of the system events shows the following error;
The processing of Group Policy failed. Windows attempted to read the file \\test.local\sysvol\test.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
I can browse to and open the gpt.ini with no problems as a standard user.

If I then add the user to the admin group the issue goes away.
This issue affects all the zentyal 5 setups I have in exactly the same way including a test one. The windows 10 version is the latest creators edition.

I am certain anyone else using the win 10 creators version and zentyal 5 will be hitting the same issue!

Has anyone solved it?



6
Installation and Upgrades / Re: Samba shared directory access for lftp
« on: January 29, 2016, 01:08:51 pm »
just to add, the file permissions showing from ls- l is;
drwxrwx---+  4 root             domain users 4096 Jan 29 09:47 samba

I see root has access so why can't I use it?

7
Installation and Upgrades / Samba shared directory access for lftp
« on: January 29, 2016, 01:05:43 pm »
Hi,

I have a zentyal 4.2 server and was planing to backup using lftp. I have created (using sudo via the command line) a crontab and basic backup script. the problem is my adm (that I use to log in via putty) account has no access to the /home/samba directory and as suck backs up everything in the home dir except for the shares!

How can I give my adm access to the folder without affecting the other users and existing ACL's?

8
I have a server running 4.2 upgraded from 4.0 & 4.1. I had problems ( services not starting with the server & 100% cpu usage) with the 3.16.0-52-generic kernel and I purged it
and it installed 3.16.0-53-generic and I had the same issue so I purged again -53 and used apt-get to install 3.16.0-51-generic.
Since then it boots but all the hardware has gone, no video drivers and no network drivers. Lo is loading fine.

Is this broken now or can it be fixed?!

 

9
Hi you were corrtect in part, it had updated to -53 kernel with all the same issues! I have purged -53 and installed -51 and now it won't work with USB keyboard and mouse and the hdd light is permanently on. It also won't hand out IP address via dhcp despite the service running.

is -51 kernel compatible with zentyal 4.2? I did the same roll to -51 with another server that had 4.1.5 on and it's working great now.

10
I have had the same issue, however even after purging the kernel and updating grub it still boots to 3.16.0-52
and I still have the same issues. further down the grub list is /boot/vmlinuz-3.16.0-30-generic but its not at the top.


11
Installation and Upgrades / Re: Outlook not connecting
« on: October 29, 2015, 03:19:32 pm »
hello, it seems it's a wide problem, but until now nobody answered... like usual... i'm looking an other distro... :(

I also had the same problem. As a sys admin these things always remind me just what good value MS server software actually is. it usually works out the box and support online is very good! It's disappointing that zentyal didn't address this issue. If you tried to connect outlook to a sbs or exchange server with out a trusted certificate you would have the same issue, so it stands to reason if you developed this software you would know this and produce a work around. The work arround I used was to bin zentyal and use hosted exchange/ sbs 2011, it's not cheap however it works reliably. I personally don't have a preference for what OS I use as long as it works reliably and does what it says on the tin!

12
Installation and Upgrades / Frustrating install routine
« on: July 30, 2015, 08:27:05 pm »
Not so much a rant, more a lesson learned!

I had to do a server for a growing business, basic needs ATM however basic domain, 10 users maybe mail in the future.

So I did my research and found Zentyal and thought great! So I downloaded the free version and tried to install it (I have set a few basic Debian servers and can get about OK on them). So I go to install it and predictably run into issues straight away. The disk partition tool simply doesn't work, asks me if I want to use an intel raid with Mdam containers and next if I want to use the sata drives. No matter what I press there is no option to actually define partitions all I get is; no defined root partition please set one.
Time is tight and so I have a brain wave. I buy MS server 2012, 20 mins later it has installed without a hitch and two hours later I have a domain with VPN, all the shares and a free mail server running I got from the tinternet!
My point is I realized today why all I see in offices  are MS servers, yes they cost, however the £250 to buy it suddenly seems great value for money instead of wasting hours trying to get Zentyal going. Its very sad as I love Linux, however it simply isn't up to scratch. I thought I would share my experience even if I do get flamed and slated for my post. 

Pages: [1]