
Messages - victorsts

Directory and Authentication / Re: OU "groups" not show in RSAT
« on: October 25, 2021, 10:50:01 am »
Not sure if I understand you correctly.

You are right, "Users" and "Groups" are containers. But I can only see the "Users" container, not the "Groups" container, using RSAT. Am I supposed to be able to see them both?

Directory and Authentication / Re: Domain with PDC+BDC at Zentyal
« on: October 22, 2021, 06:00:24 pm »
Zentyal uses Active Directory, which does not use the concept of PDC/BDC as old NT domain servers did. Apart from the FSMO roles, each Zentyal server in a domain replicates AD information and each one is able to authenticate users at any time.

One exception to this is the SYSVOL data, which must be replicated from the server holding the "PDC Emulator" FSMO role to the other server(s) by any means applicable.

What exactly did not work while that "PDC" server was off?

Directory and Authentication / OU "groups" not show in RSAT
« on: October 21, 2021, 05:32:36 pm »

I have a Zentyal 7.0 instance with Samba AD. It is working correctly as far as I know. There is an OU called "Groups", which seems to be created by default. I have created a few groups there and have used them in the fileserver to assign permissions to folders without issues.

Now I wanted to move those groups to another OU using RSAT on a Windows host, but RSAT does not show that "Groups" OU.

I know I can use samba-tool to move the groups to another OU, but why that "Groups" is not shown in RSAT?  Other OUs are shown correctly.

Thanks in advance.


I have two domain controllers using Zentyal 7, dc01 and dc02. dc01 has all the FSMO roles and was the first installed with a new domain. Then added dc02 and everything seems to be working fine. I have unidirectional sysvol replication using lrsync from dc01 to dc02 and all admin consoles are set up to connect to dc01 to edit GPO, users/groups, etc.

Now I was thinking about implementing bidirectional replication, but checking the official Samba docs (, I read "Make sure, that you have identical IDs of built-in groups on all DCs". That means creating a copy of /usr/local/samba/private/idmap.ldb and place it in the additional DCs.

My problem is that /usr/local/samba/private/idmap.ldb is NOT identical in both DCs. The one in dc01 has 69 entries and the one in dc02 has 82. I can't figure out why dc02 has more entries than dc01, given that the latter is the FSMO roles owner and always has been.

Should I copy /usr/local/samba/private/idmap.ldb from dc01 to dc02?
What is that file used for in Zentyal?
Does Zentyal create that copy of /usr/local/samba/private/idmap.ldb when adding itself as an additional controller?

Thanks in advance.
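One way to find out what differs between the two idmap.ldb files is to dump each with ldbsearch and compare the SID to xidNumber mappings. This is an added example, not code from the thread or from Zentyal; the LDIF text is constructed sample data in the shape of an ldbsearch dump, and dc01/dc02 stand in for the real files.

```python
# Added example, not from the thread: diff the SID -> xidNumber mappings two DCs hold in
# idmap.ldb, from LDIF text as produced by `ldbsearch -H <path>/idmap.ldb`.
from typing import Dict, List, Tuple
# Constructed sample dumps (not real dc01/dc02 data), trimmed to the attributes used here.
DC01_LDIF = """\
dn: CN=S-1-5-32-544
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

dn: CN=S-1-5-32-545
objectSid: S-1-5-32-545
type: ID_TYPE_BOTH
xidNumber: 3000001
"""
DC02_LDIF = """\
dn: CN=S-1-5-32-544
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

dn: CN=S-1-5-32-545
objectSid: S-1-5-32-545
type: ID_TYPE_BOTH
xidNumber: 3000004

dn: CN=S-1-5-21-1-2-3-1104
objectSid: S-1-5-21-1-2-3-1104
type: ID_TYPE_UID
xidNumber: 3000005
"""

def parse_idmap_ldif(ldif: str) -> Dict[str, Tuple[str, str]]:
    """Map objectSid -> (xidNumber, type); records without objectSid (ldb metadata) are skipped."""
    mapping: Dict[str, Tuple[str, str]] = {}
    for record in ldif.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                attrs[key.strip()] = value.strip()
        if "objectSid" in attrs:
            mapping[attrs["objectSid"]] = (attrs.get("xidNumber", "?"), attrs.get("type", "?"))
    return mapping

def compare_idmaps(a: Dict[str, Tuple[str, str]], b: Dict[str, Tuple[str, str]]):
    """Return (conflicts, only_in_a, only_in_b); a conflict is one SID with a different xid/type on each DC."""
    conflicts = {sid: (a[sid], b[sid]) for sid in sorted(a.keys() & b.keys()) if a[sid] != b[sid]}
    return conflicts, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())
```

Entries under S-1-5-32 are the BUILTIN groups the Samba docs refer to, so a conflict there is the one to resolve before syncing SYSVOL in both directions; SIDs present on only one DC are usually just users or groups that were allocated an xid locally.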


After reading I tried to use a Win10 PC + RSAT tools. I could connect to Zentyal DNS for the AD domain and manage the DNS service without any issues.

Using RSAT tools I could create/modify/delete hosts. I could even create different domains. All those settings got replicated among all 3 DCs automatically (although with some delay).

Why does the Zentyal UI allow making such changes if they won't be applied to the underlying bind daemon? Wouldn't it be easier to just place a notice "hey, you can't do that using this UI, use RSAT for it, ty!"?

Other modules / Re: DNS with different ip address
« on: November 26, 2019, 12:05:44 pm »
If I understand this correctly, the problem the OP has is that he needs to QUERY the Zentyal DNS server from a different network other than that configured in the "internal" interface. Try this:

Code:
# vi /etc/zentyal/dns.conf

# Internal networks allowed to do recursive queries
# to Zentyal DNS caching server. Local networks are already
# allowed and this setting is intended to networks
# reachables through static routes.
# Example: intnets =,
intnets =,

Then restart the Zentyal DNS service to apply.


Same issue with a fresh installation of Zentyal 6.1. If I add a host (A record) to the main domain (the one used by Samba), direct resolution does not work with NXDOMAIN, but reverse resolution does work.

Dumping bind data with rndc dumpdb -zones creates the file /var/cache/bind/named_dump.db. Editing that file shows that the hosts I created in the GUI are not in bind's configuration, so obviously bind can't resolve them.

Please, could anyone confirm that with a previous Zentyal version you can create hosts within a Samba (dynamic) zone?
Thanks in advance.

If I create another zone, not related to Samba/Active Directory, hosts are created correctly both for direct and reverse resolution.
