1
Directory and Authentication / Zentyal as PBC wind PDC in AWS Directory Service
« on: July 08, 2022, 02:17:29 pm »
has anyone joined zentyal to aws directory service?
I think I only need access to sysvol to sync group policy, and I should be able to access to \\domain.aws\SYSVOL using SMB 2.0
any other tips/tricks/suggestions/ideas?
thanks
2
Directory and Authentication / replica issue
« on: October 16, 2019, 05:06:48 pm »
Hi
I've some issue in my domain, I've 2 server (PDC and BDC) and I've 475 objects in PDC and 470 in BDC
so I've done:
Code:
samba-tool drs showrepl
and I see, between other successful statements:
Code:
DC=antea,DC=bogus
Default-First-Site-Name\IDROGENO via RPC
DSA object GUID: 3e8491b8-60a2-41df-809d-8174d8dc0471
Last attempt @ Wed Oct 16 17:01:09 2019 CEST failed, result 58 (WERR_BAD_NET_RESP)
2577 consecutive failure(s).
Last success @ Thu Oct 3 10:20:21 2019 CEST
I've had a network issue so BDC didn't contact PDC, but now the issue is solved
but it seems that there is still something wrong, how can I have more details and understand what's wrong?
thanks
3
Directory and Authentication / home icon on dock
« on: July 05, 2019, 03:09:00 pm »
the shortcut on dock to home redirects to something like smb://mydomain.lan/user/something that doesn't exist and can't be mounted
how to remove and change to local home folder?
4
Contributions / Tips&Tricks / Features Requests / clients don't show password expiring message
« on: May 05, 2019, 02:57:17 pm »
I don't understand why, but some clients don't show "your password is expiring in X days" message
why?
5
Directory and Authentication / pdbedit bug
« on: March 05, 2019, 10:26:09 am »
when I run pdbedit -u username, it shows
Code:
Password must change: never
even if password age is set
6
Directory and Authentication / Notify password expiration
« on: March 05, 2019, 09:19:50 am »
I'd like to notify with an email to user and administrator (me) when a password is expiring
how can i do?
7
Installation and Upgrades / [SOLVED] import/export bug during upgrade from 4 to 6
« on: February 23, 2019, 02:35:54 pm »
after last update of zentyal 6, bind doesn't start with this error:
Quote
dlz_dlopen: /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so: incorrect driver API version 2, requires 3
EDIT: i've imported backup from 4.2 to 6, and in named.conf.local there was dlz_bind9_9, I changed with dlz_bind9_11 and restarted bind
8
Other modules / DHCP features
« on: February 07, 2019, 12:03:57 pm »
I've zentyal 4.2 and i want to update
in new zentyal 6.0 is it possible:
1. re-order records
2. add descriptions to record
3. sync dhcp between pdc and bdc or import/export configuration
?
thanks
9
Directory and Authentication / samba-tool domain passwordsettings
« on: July 10, 2018, 12:32:56 pm »
is it necessary to use this tool to set options about password policy?
i've tried to change them through administrative tools in windows, but i see they are not applied
thanks
10
Directory and Authentication / mac osx sierra can't login after locked screen
« on: March 02, 2018, 10:07:11 am »
after a locked screen, can't login any more. if reboot, all is ok
in osx logs i found "Unable to reach any KDC", in zentyal logs i found:
Quote
[2018/03/02 09:41:03.193872, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ attori.cristina@ANTEA.BOGUS from ipv4:192.168.10.67:60872 for krbtgt/ANTEA.BOGUS@ANTEA.BOGUS
[2018/03/02 09:41:03.199558, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client sent patypes: 149
[2018/03/02 09:41:03.199638, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PKINIT pa-data -- attori.cristina@ANTEA.BOGUS
[2018/03/02 09:41:03.199651, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for ENC-TS pa-data -- attori.cristina@ANTEA.BOGUS
[2018/03/02 09:41:03.199698, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- attori.cristina@ANTEA.BOGUS
[2018/03/02 09:41:03.228510, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ attori.cristina@ANTEA.BOGUS from ipv4:192.168.10.67:49742 for krbtgt/ANTEA.BOGUS@ANTEA.BOGUS
[2018/03/02 09:41:03.232609, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client sent patypes: encrypted-timestamp, 149
[2018/03/02 09:41:03.232662, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PKINIT pa-data -- attori.cristina@ANTEA.BOGUS
[2018/03/02 09:41:03.232686, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for ENC-TS pa-data -- attori.cristina@ANTEA.BOGUS
[2018/03/02 09:41:03.232772, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: ENC-TS Pre-authentication succeeded -- attori.cristina@ANTEA.BOGUS using arcfour-hmac-md5
[2018/03/02 09:41:03.242549, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ authtime: 2018-03-02T09:41:03 starttime: unset endtime: 2018-03-02T19:41:03 renew till: unset
[2018/03/02 09:41:03.242701, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using arcfour-hmac-md5/arcfour-hmac-md5
[2018/03/02 09:41:03.242772, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Requested flags: forwardable
[2018/03/02 09:41:03.254424, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ attori.cristina@ANTEA.BOGUS from ipv4:192.168.10.67:61401 for bastet$@ANTEA.BOGUS [forwardable]
[2018/03/02 09:41:03.260344, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ authtime: 2018-03-02T09:41:03 starttime: 2018-03-02T09:41:03 endtime: 2018-03-02T19:41:03 renew till: unset
11
Other modules / dns error after swapping clients
« on: October 16, 2017, 12:17:16 pm »
i've had ariel with ip 192.168.10.63
i've bought a new notebook, called it titania and assigned 192.168.10.63, meanwhile ariel is now 192.168.10.64
both notebooks are joined to domain
if i made nslookup it find that ariel is 192.168.10.63 and titania is unknown
how to fix this?
thanks
12
Other modules / sync secondary dns
« on: February 20, 2017, 09:07:31 am »
Hi
I've configured PDC and BDC, but it's not clear to me how the dns sync works
If I don't create record HOSTA in secondary DNS, it's not resolved
But if I create it, I don't need to create alias because they seem imported from PDC
is this right?
thanks
13
Directory and Authentication / Access only using FQDN
« on: February 15, 2017, 11:58:38 am »
hi
if my pc is in same lan of my servers, I can access them using \\servername
but when I'm out of office and connect with VPN (not managed by zentyal), I have denied access
BUT if I access to server using \\servername.mydomain.local I can access !!
I suppose there is some trouble with NetBIOS / Wins...
Code:
net view \\servername
gives me "access denied", while
Code:
net view \\servername.mydomain.local
shows me all shared folders
any idea?
thanks
14
Directory and Authentication / popup with desktop.ini
« on: February 01, 2017, 01:32:49 pm »
after joining a pc in domain, when the users (all!) logon a notepad appears to them with
Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
I've deleted desktop.ini but at the new logon it reappears
15
Directory and Authentication / sysvol Policies folder disappears
« on: November 30, 2016, 02:15:24 pm »
Hi
I've 2 Zentyal 4.2 servers, 1 PDC and 1 BDC
I've noticed that some clients, when I try to "gpupdate /force", give me error "The processing of Group Policy failed. Windows attempted to read the file " etc., and if I try to access \\mydomain\sysvol\mydomain\ I can't see Policies folder, if I access \\pdc\sysvol\pdc I can and if I access \\bdc\sysvol\bdc I can't
so I've searched what can cause this problem and I found these posts:
https://forum.zentyal.org/index.php/topic,21930.msg84424.html#msg84424
https://forum.zentyal.org/index.php/topic,23116.msg89031.html#msg89031
I've tried "samba-tool ntacl sysvolreset" but I can't fix, and this command gives me this error:
PDC
Quote
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/mydomain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
lp)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1733, in checksysvolacl
direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1684, in check_gpos_acl
domainsid, direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1631, in check_dir_acl
raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))
BDC
Quote
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 218, in run
lp, use_ntvfs=use_ntvfs)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1619, in setsysvolacl
set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1512, in set_gpos_acl
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 154, in setntacl
smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)