1
Directory and Authentication / Re: Passwords randomly stop working
« on: January 12, 2016, 04:28:51 pm »
I had forgotten to run CMD as admin; when run as admin there are no errors. (I also added /all and everything was successful.)
I think I found the problem... My domain has a Windows 2012 R2 DC, so the forest schema is 69. I guess I'm lucky I didn't corrupt the whole AD. Kind of disappointing; I wonder if Samba will ever support the updated schema. I'm kind of surprised I was able to get this far with it. Interestingly enough, the Zentyal documentation seems to suggest that Server 2012 would work, but all Samba4 documentation I have found says Server 2008R2 is the highest schema supported.
2
Directory and Authentication / Re: Passwords randomly stop working
« on: January 11, 2016, 10:30:19 pm »
This is what repadmin /showrepl looks like on the Windows DC
Code:
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\SERVER1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 2f9f90df-33e0-445a-857a-6f0d34427e51
DSA invocationID: 2acaf987-92d4-4379-8bb5-711b168a778d
==== INBOUND NEIGHBORS ======================================
DC=DOMAINNAME,DC=int
VIR\ZENTYAL via RPC
DSA object GUID: c5c1145a-1c62-4728-8652-59912c466118
Last attempt @ 2016-01-11 14:12:19 was successful.
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: c9696829-4d61-4785-9e97-3526f8023423
Last attempt @ 2016-01-11 14:13:05 was successful.
CN=Configuration,DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: c9696829-4d61-4785-9e97-3526f8023423
Last attempt @ 2016-01-11 14:01:10 was successful.
VIR\ZENTYAL via RPC
DSA object GUID: c5c1145a-1c62-4728-8652-59912c466118
Last attempt @ 2016-01-11 14:12:20 was successful.
CN=Schema,CN=Configuration,DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: c9696829-4d61-4785-9e97-3526f8023423
Last attempt @ 2016-01-11 13:58:00 was successful.
VIR\ZENTYAL via RPC
DSA object GUID: c5c1145a-1c62-4728-8652-59912c466118
Last attempt @ 2016-01-11 14:12:20 was successful.
DC=DomainDnsZones,DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: c9696829-4d61-4785-9e97-3526f8023423
Last attempt @ 2016-01-11 14:11:57 was successful.
VIR\ZENTYAL via RPC
DSA object GUID: c5c1145a-1c62-4728-8652-59912c466118
Last attempt @ 2016-01-11 14:12:20 was successful.
DC=ForestDnsZones,DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: c9696829-4d61-4785-9e97-3526f8023423
Last attempt @ 2016-01-11 13:58:00 was successful.
VIR\ZENTYAL via RPC
DSA object GUID: c5c1145a-1c62-4728-8652-59912c466118
Last attempt @ 2016-01-11 14:12:21 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
And this is what samba-tool drs showrepl looks like on the Zentyal DC
Code:
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:Zentyal.DOMAINNAME.int[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name Zentyal.DOMAINNAME.int<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name Zentyal.DOMAINNAME.int<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name Zentyal.DOMAINNAME.int<0x20>
Virden\Zentyal
DSA Options: 0x00000001
DSA object GUID: c5c1145a-1c62-4728-8652-59912c466118
DSA invocationId: f83562bb-716b-49d4-80c2-a1e6e53fb42b
==== INBOUND NEIGHBORS ====
CN=Configuration,DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER1 via RPC
DSA object GUID: 2f9f90df-33e0-445a-857a-6f0d34427e51
Last attempt @ Mon Jan 11 15:10:45 2016 CST was successful
0 consecutive failure(s).
Last success @ Mon Jan 11 15:10:45 2016 CST
CN=Configuration,DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: c9696829-4d61-4785-9e97-3526f8023423
Last attempt @ Mon Jan 11 15:10:46 2016 CST was successful
0 consecutive failure(s).
Last success @ Mon Jan 11 15:10:46 2016 CST
DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER1 via RPC
DSA object GUID: 2f9f90df-33e0-445a-857a-6f0d34427e51
Last attempt @ Mon Jan 11 15:11:47 2016 CST was successful
0 consecutive failure(s).
Last success @ Mon Jan 11 15:11:47 2016 CST
DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: c9696829-4d61-4785-9e97-3526f8023423
Last attempt @ Mon Jan 11 15:11:46 2016 CST was successful
0 consecutive failure(s).
Last success @ Mon Jan 11 15:11:46 2016 CST
CN=Schema,CN=Configuration,DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER1 via RPC
DSA object GUID: 2f9f90df-33e0-445a-857a-6f0d34427e51
Last attempt @ Mon Jan 11 15:10:50 2016 CST was successful
0 consecutive failure(s).
Last success @ Mon Jan 11 15:10:50 2016 CST
CN=Schema,CN=Configuration,DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: c9696829-4d61-4785-9e97-3526f8023423
Last attempt @ Mon Jan 11 15:10:51 2016 CST was successful
0 consecutive failure(s).
Last success @ Mon Jan 11 15:10:51 2016 CST
DC=ForestDnsZones,DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER1 via RPC
DSA object GUID: 2f9f90df-33e0-445a-857a-6f0d34427e51
Last attempt @ Mon Jan 11 15:10:41 2016 CST was successful
0 consecutive failure(s).
Last success @ Mon Jan 11 15:10:41 2016 CST
DC=ForestDnsZones,DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: c9696829-4d61-4785-9e97-3526f8023423
Last attempt @ Mon Jan 11 15:10:42 2016 CST was successful
0 consecutive failure(s).
Last success @ Mon Jan 11 15:10:42 2016 CST
DC=DomainDnsZones,DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER1 via RPC
DSA object GUID: 2f9f90df-33e0-445a-857a-6f0d34427e51
Last attempt @ Mon Jan 11 15:11:37 2016 CST was successful
0 consecutive failure(s).
Last success @ Mon Jan 11 15:11:37 2016 CST
DC=DomainDnsZones,DC=DOMAINNAME,DC=int
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: c9696829-4d61-4785-9e97-3526f8023423
Last attempt @ Mon Jan 11 15:11:56 2016 CST was successful
0 consecutive failure(s).
Last success @ Mon Jan 11 15:11:56 2016 CST
==== OUTBOUND NEIGHBORS ====
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: add70383-5836-44b2-bb2b-fb0cfa8f0b0b
Enabled : TRUE
Server DNS name : SERVER1.DOMAINNAME.int
Server DN name : CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAINNAME,DC=int
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
Connection name: 4e514f64-52b7-434b-ad26-44a02daf2939
Enabled : TRUE
Server DNS name : SERVER2.DOMAINNAME.int
Server DN name : CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAINNAME,DC=int
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
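As an added example (not part of the original posts, and not Zentyal or Samba code), a small Python parser for text in the `samba-tool drs showrepl` layout shown above. It lists inbound partners with failures, notes an empty outbound neighbor list, and collects warnings; the sample input, host names and the failing partner are constructed.

```python
import re

# Constructed sample in `samba-tool drs showrepl` layout; hosts and the DC2 failure are invented.
SAMPLE = """\
==== INBOUND NEIGHBORS ====
DC=EXAMPLE,DC=int
Default-First-Site-Name\\DC1 via RPC
Last attempt @ Mon Jan 11 15:11:47 2016 CST was successful
0 consecutive failure(s).
DC=EXAMPLE,DC=int
Default-First-Site-Name\\DC2 via RPC
Last attempt @ Mon Jan 11 15:11:46 2016 CST failed, result 5 (WERR_ACCESS_DENIED)
3 consecutive failure(s).
==== OUTBOUND NEIGHBORS ====
==== KCC CONNECTION OBJECTS ====
Warning: No NC replicated for Connection!
"""

SECTION = re.compile(r"^==== (.+?) =+$")
PARTNER = re.compile(r"^(\S.*) via RPC$")
FAILS = re.compile(r"^(\d+) consecutive failure\(s\)\.$")
KEYS = {"INBOUND NEIGHBORS": "inbound", "OUTBOUND NEIGHBORS": "outbound"}

def parse_showrepl(text):
    # Group partners by section and naming context; keep warnings from any section.
    report = {"inbound": [], "outbound": [], "warnings": []}
    section = nc = cur = None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section, cur = KEYS.get(m.group(1)), None  # None outside neighbor lists
        elif line.startswith("Warning:"):
            report["warnings"].append(line)
        elif section and re.match(r"(DC|CN)=", line):
            nc = line
        elif section and (m := PARTNER.match(line)):
            cur = {"nc": nc, "partner": m.group(1), "ok": None, "failures": None}
            report[section].append(cur)
        elif cur and line.startswith("Last attempt @"):
            cur["ok"] = "was successful" in line
        elif cur and (m := FAILS.match(line)):
            cur["failures"] = int(m.group(1))
    return report

def findings(report):  # failing inbound partners, empty outbound list, then warnings
    out = [f"{e['partner']} -> {e['nc']}: {e['failures']} consecutive failure(s)"
           for e in report["inbound"] if e["failures"] or e["ok"] is False]
    if not report["outbound"]:
        out.append("no outbound neighbors listed")
    return out + report["warnings"]
```

Call `findings(parse_showrepl(text))` on captured output from each DC to get a short list of items to look at first.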
3
Directory and Authentication / Passwords randomly stop working
« on: January 11, 2016, 09:42:04 pm »
I've added a Zentyal server on bare metal as an additional Domain Controller. I installed using the Development edition image, so it is Zentyal 4.2 on Ubuntu 14.04.
We've been encountering issues with user passwords not working when authenticating with the Zentyal domain controller, but only for some users. One user reported that an old password worked when their new password did not. Resetting the user's password seems to fix the issue for that user, and their new password syncs between all the domain controllers. I figured it was something to do with only users who have changed their passwords and Zentyal was for some reason using an old hash, but today an account that has never had a password changed, and that was previously authenticating fine with the Zentyal DC, now had the same issue.
Zentyal log
http://paste.ubuntu.com/14472279/
Code:
ii zentyal-ca 4.2 all Zentyal - Certification Authority
ii zentyal-common 4.2 all Zentyal - Common Library
ii zentyal-core 4.2.1.3 all Zentyal - Core
ii zentyal-dns 4.2.0.3 all Zentyal - DNS Server
ii zentyal-firewall 4.2 all Zentyal - Firewall
ii zentyal-network 4.2 all Zentyal - Network Configuration
ii zentyal-ntp 4.2 all Zentyal - NTP Service
ii zentyal-objects 4.2 all Zentyal - Network Objects
ii zentyal-openvpn 4.2 all Zentyal - VPN
ii zentyal-samba 4.2.1 all Zentyal - Domain Controller and File Sharing
ii zentyal-services 4.2 all Zentyal - Network Services
ii zentyal-software 4.2 all Zentyal - Software Management