Messages

1

Installation and Upgrades / Re: Broken Sysvol Replication as Additional Domain Controler in Windows Environment

« on: August 14, 2014, 09:04:12 am »

Is your server a 2003 or 2003 R2? The sysvol is synced by zentyal using a script which pulls the sysvol content from the server you join each 15 min.

2

Installation and Upgrades / Re: Reopen: Zentyal 3.4 create bdc failing on?

« on: July 04, 2014, 05:18:44 pm »

Hi,

the issue seems to be in the samba DLZ, not being able to load records of type WINS (https://tracker.zentyal.org/issues/1142). We will publish new samba packages as soon as possible addressing this.

3

Installation and Upgrades / Re: DNS + DHCP problems

« on: March 12, 2014, 06:33:51 pm »

Hi,

Also, it seems that using the DLZ plugin means the forward zone no longer gets declared in the bind configuration file.  Unfortunately, I'm guessing it is up to the plugin to properly allow DNS updates from isc dhcp?  These DDNS updates still aren't working.

when samba is enabled the domain zone is stored in the samba database and accessed by bind using the DLZ driver (you will see the "dlz" in named.conf.local).

About the issue, I can confirm it and I am working on the solution 

4

Installation and Upgrades / Re: Sogo, OpenChange, Samba4 and Ldap

« on: December 19, 2013, 04:08:22 pm »

Hi,

the reason why Zentyal also uses two LDAP databases (samba4 and openLDAP) is because all zentyal modules use openLDAP as the main database as of today. I agree this adds unnecessary complexity and may change in future releases.

Regards.

5

Spanish / Re: Zentyal 3.0 Esclavo de Windows Server

« on: May 29, 2013, 07:06:17 pm »

Hola,

la documentación para unir Zentyal a un dominio AD esta aquí: http://trac.zentyal.org/wiki/Documentation/Community/Document/SambaScenario

Saludos.

6

Installation and Upgrades / Re: Max number of users in proxy filter groups?

« on: April 01, 2013, 05:31:07 pm »

Hi astana,

could you check if the users having problems are defined in the file /etc/dansguardian/lists/filtergroupslist?

7

News and Announcements / Re: Status of the Samba 4.0 integration in Zentyal 3.0

« on: December 18, 2012, 11:41:55 am »

After reading various forums posts I think that the most challenging part of the 3.2 release will be to fulfill all the different requirements for the different scenarios, taking away technical details on how implement that. There are two sides, some desire to maintain simplicity to deploy just infrastructure services and others desire full AD integration. We must be able to provide a solution that fit in the most common cases.

Thinking loudly, I think this can be accomplish using Samba4 as our main LDAP. It has a modular design and you can "shutdown" services that you don't need. For example, you can disable all kerberos, file sharing, etc and the samba daemon will provide just the LDAP backend for Zentyal. This is an approach that we need to test, validate and discuss before beginning 3.2 development.

My personal opinion, and after see the problems of the current solution, is that we have to simplify Zental architecture because maintain duplicated services and keep them synchronized is a source for problems. It should fit also for simple deployments where just LDAP is required, disabling everything is not needed. But, as I said before, this must be validated before consider a valid solution.

8

Installation and Upgrades / Re: I want to downgrade - 3.0.x community edition is not suitable for me at the mom.

« on: December 12, 2012, 05:22:01 pm »

Take some breath and look at what Zentyal needs today in order to offer Samba 4 features aside other modules:
- 2 LDAP servers (which means synchronization)
- 2 DNS servers
- 2 Kerberos servers

Is it reasonable 

Hi christian,

I agree that having two LDAP and two kerberos servers does not seems reasonable. For 3.2 release we are evaluating different alternatives, like use samba4 as our main LDAP, but this will open new problems like extend the AD schema to support the rest of the modules (zarafa, jabber, etc). We will need some time to make some proof-of-concepts and after having some discussion we will take a decision.

Cheers.

9

Installation and Upgrades / Re: Samba4 Crash Zentyal

« on: November 19, 2012, 08:13:59 pm »

Hi, we have just released the fix.

Cheers

10

Installation and Upgrades / Re: Samba4 Crash Zentyal

« on: November 16, 2012, 01:46:59 am »

Good news, I think I have fixed it and samba doesn't crash any more. I have submitted the patch to the samba bug tracker for review and we will release the update to the new RC5 early next week after samba developers feedback.

If you wish to follow the progress, https://bugzilla.samba.org/show_bug.cgi?id=9388

Cheers.

11

Installation and Upgrades / Re: Samba4 Crash Zentyal

« on: November 15, 2012, 04:05:22 pm »

Unfortunately this is a samba4 bug, also present in the latest RC5 that I'm testing right now. This is the real problem, /var/log/samba/samba.log

Code: [Select]

[2012/11/15 15:59:07,  2] ../source4/auth/sam.c:207(authsam_account_ok)
  sam_account_ok: Account for user 'user2\@kernevil.lan@KERNEVIL.LAN' password must change!.
*** glibc detected *** samba: munmap_chunk(): invalid pointer: 0xb583b690 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x75ee2)[0xb6ef3ee2]
/lib/i386-linux-gnu/libc.so.6(+0x765c5)[0xb6ef45c5]
/usr/lib/i386-linux-gnu/libasn1.so.8(der_free_octet_string+0x25)[0xb6810a45]
/usr/lib/i386-linux-gnu/libasn1.so.8(free_PA_DATA+0x2d)[0xb67cbfad]
/usr/lib/i386-linux-gnu/libasn1.so.8(free_METHOD_DATA+0x32)[0xb67ce052]
/usr/lib/i386-linux-gnu/libkdc.so.2(+0xf3cf)[0xb5af33cf]
/usr/lib/i386-linux-gnu/libkdc.so.2(+0x1b9ff)[0xb5aff9ff]
/usr/lib/i386-linux-gnu/libkdc.so.2(krb5_kdc_process_krb5_request+0x88)[0xb5affbe8]
/usr/lib/i386-linux-gnu/samba//service/kdc.so(+0x43bd)[0xb5b3f3bd]
/usr/lib/i386-linux-gnu/samba//service/kdc.so(+0x3fa8)[0xb5b3efa8]
/usr/lib/i386-linux-gnu/libtevent.so.0(_tevent_req_notify_callback+0x53)[0xb702bf53]
/usr/lib/i386-linux-gnu/libtevent.so.0(_tevent_req_done+0x2a)[0xb702c10a]
/usr/lib/i386-linux-gnu/samba/libsamba-sockets.so(+0x8b5a)[0xb6c2eb5a]
/usr/lib/i386-linux-gnu/libtevent.so.0(_tevent_req_notify_callback+0x53)[0xb702bf53]
/usr/lib/i386-linux-gnu/libtevent.so.0(_tevent_req_done+0x2a)[0xb702c10a]
/usr/lib/i386-linux-gnu/samba/libsamba-sockets.so(+0xc8cf)[0xb6c328cf]
/usr/lib/i386-linux-gnu/samba/libsamba-sockets.so(+0xb0bd)[0xb6c310bd]
/usr/lib/i386-linux-gnu/libtevent.so.0(+0x698a)[0xb702e98a]
/usr/lib/i386-linux-gnu/libtevent.so.0(_tevent_loop_once+0xa8)[0xb702ae28]
/usr/lib/i386-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x2c)[0xb702afec]
/usr/lib/i386-linux-gnu/libtevent.so.0(_tevent_loop_wait+0x17)[0xb702b087]
/usr/lib/i386-linux-gnu/samba//process_model/standard.so(+0x12a3)[0xb65b02a3]
/usr/lib/i386-linux-gnu/samba/libservice.so(task_server_startup+0x75)[0xb761f975]
/usr/lib/i386-linux-gnu/samba/libservice.so(server_service_startup+0xac)[0xb761e0bc]
samba[0x80511b1]
samba(main+0x11)[0x804c121]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xb6e974d3]
samba[0x804c145]
======= Memory map: ========
08048000-08057000 r-xp 00000000 fc:00 137455     /usr/sbin/samba
08057000-08058000 r--p 0000e000 fc:00 137455     /usr/sbin/samba
08058000-08059000 rw-p 0000f000 fc:00 137455     /usr/sbin/samba
08446000-08467000 rw-p 00000000 00:00 0          [heap]
08467000-09484000 rw-p 00000000 00:00 0          [heap]
b2d00000-b2d21000 rw-p 00000000 00:00 0
b2d21000-b2e00000 ---p 00000000 00:00 0
b2...
b7703000-b7723000 r-xp 00000000 fc:00 24668      /lib/i386-linux-gnu/ld-2.15.so
b7723000-b7724000 r--p 0001f000 fc:00 24668      /lib/i386-linux-gnu/ld-2.15.so
b7724000-b7725000 rw-p 00020000 fc:00 24668      /lib/i386-linux-gnu/ld-2.15.so
bfb15000-bfb36000 rw-p 00000000 00:00 0          [stack]

I will try to fix it myself, but it will be hard for sure. I think it is related to this samba bug https://bugzilla.samba.org/show_bug.cgi?id=9388 and this one http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686227.

12

Installation and Upgrades / Re: Samba4 Crash Zentyal

« on: November 07, 2012, 03:57:59 pm »

Hi,

thanks for the report. We are going to release samba4 RC4 soon, we will check if the problem still exists.

13

Installation and Upgrades / Re: _ldap._tcp.dc._msdcs missing / Join Domain

« on: November 05, 2012, 12:34:13 am »

Hi,

some details about implementation will help to understand what is going on.

The Dynamic Loadable Zones (DLZ) allow bind to store the zone information in other databases apart from plain text files. Samba4 implement the DLZ dlopen driver to store the data in the samba4 LDAP. When bind boot up, loads a a dynamic library (dlz_bind9.so) that implement the DLZ dlopen driver to retrieve/store the records from/to samba4 LDAP.

Also, there are two principals databases and two kerberos servers in a zentyal box. One pair is installed by "users and groups" module (heimdal daemon storing principals in openLDAP) and the other is embedded in samba4. The heimdal daemon listens on port 8880 and samba4 KDC on port 88.

When the users and groups module is installed, openLDAP is populated and the heimdal kerberos principals are created. Also, a domain and all kerberos records are added to it to allow clients to locate the KDC (kerberos server). This database is which you are inspecting executing kadmin, the heimdal admin tool.

After that, when samba4 is installed and provisioned a flag is switched in the auto created DNS domain to skip the records added by the users and groups module, because clients should use the samba4 KDC, not heimdal. Your problem seems to be that this flag is not properly set up, so when samba_dnsupdate try to get a ticket for the ZEN$ principal (the machine account, stored in the samba4 principals database) it is not found because the DNS is answering with the heimdal port (8880) instead of samba4 (88)

You can check it by executing:

Code: [Select]

dig SRV _kerberos._tcp.neo.lan
If you haven't any problem during installation and enabling the modules, this is clearly a bug caused by a random combination of actions. The easiest solution is to reinstall the server and skip the package installation wizard. Then pull updated package versions from internet and install zentyal-samba.

Please take note about the actions you perform, so we can reproduce the bug if it is not fixed in the current package version.

Thanks for reporting.

14

Installation and Upgrades / Re: _ldap._tcp.dc._msdcs missing / Join Domain

« on: November 04, 2012, 04:31:59 pm »

Hi,

the records for AD are not stored in /etc/bind/, they are stored in the samba4 database and bind read them as a dlz (dynamic loadable zone). To update this zone with all required records you can execute

Code: [Select]

samba_dnsupdate

15

Installation and Upgrades / Re: Failure to install Domain Controller

« on: October 26, 2012, 01:06:19 am »

benronlund,

As you said, samba4 has different requirements than samba3 and that is why dns and ntp are dependences of file sharing module. You have to enable them before samba, and even if you don't save changes before enabling samba4 the code does that for you.

About the steps to reproduce, I am testing the latest packages released in the PPA. Since the first module version included in the installer we have fixed lot of bugs to ensure a consistent system setup before provisioning the samba4 database to avoid this kind of problems. I would recommend to install the basic packages with the installer, then pull updates from internet and then install samba4 module through system->software. We are going to release a new installer very soon.

Cheers.