Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: thorsten on December 05, 2012, 04:20:50 pm
-
Hi All,
again, the same old problem with each new installation: Just as I am sad as this is a problem with each installation - I like to summarize my problem.
Again, I installed the new Zentyal 3.0 on my server hardware and now I want to join the Domain.
- My windows 7 client was running on my Zentyal 2.2 installation perfectly - until yesterday
- Consequently the required registry entries were set correctly
- I joined the previoius domain with a domain Administrator accound I call "pdcadmin"
- I left the domain by simply assignin the Workgroup "WORKGROUP" on my Clinent using the local Windows administrator account
- I installed the new, promissing Zentyal 3.0 system, set up the File Sharing client, collecte my few users and groups and Surprise:
- There is no checkbox to set a specifc user to be a domain admin - I swear there was something like this in Zentyal 2.2
- OK, there is a Group called "DomainAdmin" among some others I have never defined. Also there is a samba user called "Administrator" .... OK ... fine
- I tied to make one of my accounts as a domain admins by simply joining the account to the Group "Domain Admin"
- I tied to joint the domain by means of my created user (I tried any) - can not join the domain
- I tied to joint the domain by means of the user "Administrator" - can not join the domain
Oh, of course, this is a perfect plain, clean installation: I did not even touch any other setting within Zentyal before trying to join the domain. The error is:
The specified domain either does not exist or could not be contacted.
Interessting: if I do not enter the the Domain to be joined correct, the error response is much faster and it says that the AD is not existant. I think the issues is somehow that I do not have an administrative user within Zentyal as I had before. I will countercheck how it worked on Zentyal 2.x - thanks good I got a hot swap system and I used complete new hard disks.. :)
Any Ideas?
Thanks
Thorsten
-
evening
off the top of my head:
make sure the time on Zentyal server and Windows 7 pc are in sync for kerberos
I changed the password of the Zentyal/Samba administrator account and used this to join the domain
the win 7 registry changes are not required with Zentyal 3
dns must be setup correctly for Zentyal/Samba to work correctly
the domain name should be along the lines of zentyal-domain.lan (the realm name under file sharing)
let us know how it goes
-
Hello,
There is still a ticket for this problem ( ticket #5313 ).
The problem occures afther an upgrade of zentyal 3.0.x.
In the begin here was no problem joining an domain for Windows 7 clients.
Best regards,
Ian
-
Hi Ian
I'm not encountering this problem or the slow logon, H: drive not being mapped or the netbios name not being seen as mentioned in the ticket.
Has this has been fixed as my recent test install started at Zentyal 3.07 before I got the chance to configuring file sharing ?
Thanks
jason
-
Hello Jase,
I have not yet tested the latest releases of 3.0.x, but the problem of joining a domain was with release 3.0.6.
At the moment there is a problem with the latest improvements of release 3, the zentyal-dns and the Zentyal-samba new modules could not be upgraded.An error occures by upgrading the software
Best regards,
Ian
-
Hello Jase,
I just did a test with a brand new installation of Zentyal from scratch, Zentyal 3.0.8 with the modules Office and communications.
It is still not possible to join a domain with a Windows 7 client ( even not with an WindowsXp client ).
It was only possible in releases 2.2 and releases before 3.0.6
So we still have to wait on the results of the adaption of the related modules.
Best regards,
Ian
-
Hi Ian
I'm not having the same problem, if you have a look at my last post at http://forum.zentyal.org/index.php/topic,13171.msg54633.html#msg54633 (http://forum.zentyal.org/index.php/topic,13171.msg54633.html#msg54633)
this was with Zentyal 3.07 and it worked.
If you are still not getting in let me know and I'll install again (tomorrow) and try again, as we need to prove if there is an issue or not?
Regards
Jason
-
If you would as I did try samba4 and it did work. It was samba4 I was reinstalling due to not being able to join the domain with win7 clients.
Then the DNS bug seemed to cause many probs.
I am also going to be online tomorrow and aiming purely to get a working AD domain.
I have this vain hope to also have an additional controller but we will have to see.
Any of you going to be on the forum or on IRC?
I will be at it midday till late.
Saturday morning is guardian crossword and posh coffee morning with my girl, so it will be midday before I emerge
-
Hello,
conect
As i told before, it is still not possible to join a domain with Windows 7 clients.
This problem occures since the update afther release 3.0.5, it is also not possible to join a domain with WindowsXp clients.
Joining a domain means, become a member of the domain.
While not being a member of a domain it is possible to connect to shares where a user has access to, but that is a difference than be a member where login sccripts are possible.
So i hope that the problem to join domains soon is solved, it is strange that this problem did not occure in the first release of Zentyal 3.
Roming profiles in an environment with more than 50 client is not always evident to work, even with a Microsoft server.
Best regards,
Ian
-
Have we got any details from the dev team. Or a trac reference.
I will still have a go and start providing some details of what the logs say.
I presume this is from the raring repo and we are on 4.0.0~rc5+dfsg1-1: amd64 i386 and that will be the change.
We where on 4.0.0~beta2+dfsg1-3: amd64 i386 from the quantal repo (which worked). Or was it RC2? It worked though.
From referencing samba.org this would seem to point at the zentyal package.
I would like to ask why we have a normal release that is still a Beta and not fit for production.
Can we not freeze a working version and at least give the community the choice to use a working product?
-
Hello Ian
I'm joining the domain have a roaming profile and a home folder mapped, all under Zentyal 3.07 (File sharing v3.09) on a previous version the roaming profiles were not working due to permissions and the drive was not being mapped. I haven't tried the login scripts or group policies but they're next on the list of tasks
regards
Jason
update it's Zentyal 3.08 not .07
This is on a HP proliant microserver and a previously used windows 7 pc with no registry changes, joined the domain straight away.
-
Hello Jase,
Good that it works on your server.
I have a new installation from scratch , Zentyal 3.0.9, and it still does not works not possible to join a domain.
The installation is done with an cd burned from the zentyal iso file and installed on a dedicated server, not in vm.
stuartiannaylor
I have made a ticket for this problem on 19 november ticket number #5313, and hop to have a solution soon.
Best regards,
Ian
-
Didn't do anything yesterday, ended up a mammoth forbrydelsen viewing session (tak).
I will have a go today as I usually do vanilla ubuntu and apt-get install zentyal-core / zentyal-software.
Going to see if just the bare minimum of network and samba can be made to work and get some logs.
-
Same problem here. Did a fresh install today and I can't join the domain with Windows7 or Windows XP clients.
Hopefully there is a solution very soon.
Zentyal-core 3.08
Filesharing 3.09
Peter
-
Hello Ian
I've had this working in VM and am currently using on the HP microserver, the only thing I can guess that I'm doing differenlty is that I haven't setup the DNS service on the Zentyal box. How I have got this to work is allocate a fixed ip, dns server and gateway on installation (using a dynamic seemed to install but wouldn't allow me to attach even if I then set to a static address). Then I set the Zentyal servers ip address as the first dns entry on the win7 clients network adapter then I can join zentyal-domain.lan
Hi stuartiannaylor
how have you got on, managed to get away from papers and the killing ?
-
:) Nope had to stop on episode 16. Just got in.
Ok I am doing a fresh install on ubuntu 12.04.1. with current core 3.0.8.
My first attempt was just to setup the networking and then install samba and let it bring in all the modules.
Banged out and it looks like there are apparmour probs like previously suggested.
I am just having a look through the logs.
[actually apparmor just caught my eye but that is just a profile update]
dns updates don't seem to be liked.
Might be that DNS hasn't even been enabled yet.
-
This time installed users&groups so that it brings in dns and ntp.
Enabled all fine rebooted.
Installed samba
enabled same fault dnsupdate not liked.
-
Same thing again this time disabled apparmor.
sudo /etc/init.d/apparmor stop
sudo /etc/init.d/apparmor teardown
sudo update-rc.d -f apparmor remove
Had a look at my DNS and all seemed Ok apart from the host name dns referenced wan before lan IP.
Deleted wan IP and added it so it became lan first.
2012/12/09 18:25:21 WARN> DNS.pm:1494 EBox::DNS::_launchNSupdate - Cannot contact with named, trying in posthook
2012/12/09 18:25:21 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2012/12/09 18:25:23 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/KMhaW5r168 failed.
Error output: update failed: REFUSED
Command output: .
Exit value: 2
2012/12/09 18:25:23 ERROR> GlobalImpl.pm:642 EBox::GlobalImpl::__ANON__ - Failed to save changes in module samba: root command nsupdate -l -t 10 /var/lib/zentyal/tmp/KMhaW5r168 failed.
Error output: update failed: REFUSED
Command output: .
Exit value: 2
2012/12/09 18:25:23 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2012/12/09 18:25:23 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/8sZGdnRteK failed.
Error output: update failed: REFUSED
Command output: .
Exit value: 2
2012/12/09 18:25:23 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2012/12/09 18:25:25 ERROR> Sudo.pm:233 EBox::Sudo::_rootError - root command nsupdate -l -t 10 /var/lib/zentyal/tmp/KMhaW5r168 failed.
Error output: update failed: REFUSED
Command output: .
Exit value: 2
2012/12/09 18:25:25 ERROR> GlobalImpl.pm:642 EBox::GlobalImpl::__ANON__ - Failed to save changes in module dns: root command nsupdate -l -t 10 /var/lib/zentyal/tmp/KMhaW5r168 failed.
Error output: update failed: REFUSED
-
Having a look at the temp files its trying to do the following...
zone thursbygarden.org
update delete thursbygarden.org A
update add thursbygarden.org 259200 A 192.168.3.1
update delete zen1.thursbygarden.org A
update add zen1.thursbygarden.org 259200 A 192.168.3.1
update delete thursbygarden.org MX
send
this was with a single static ip (disabled wan) also disabled apparmor !?
If you run the command as root then.
Dec 9 19:11:09 zen1 named[3145]: samba_dlz: starting transaction on zone thursbygarden.org
Dec 9 19:11:09 zen1 named[3145]: samba_dlz: disallowing update of signer=local-ddns, invalid key
Dec 9 19:11:09 zen1 named[3145]: client 127.0.0.1#35217: updating zone 'thursbygarden.org/NONE': update failed: rejected by secure update (REFUSED)
Dec 9 19:11:09 zen1 named[3145]: samba_dlz: cancelling transaction on zone thursbygarden.org
dunno what happened to my normal apparmor disable
sudo /etc/init.d/apparmor stop
sudo /etc/init.d/apparmor teardown
sudo update-rc.d -f apparmor remove
when checked still running.
apt-get remove apparmor and reboot
So same as barry
-
Ok so had to knock apparmor out of the equation.
Make sure clock is updated by zentyal ntp so synced.
Change administrator password.
make sure ntp is synced.
logon with administrator and fqdn domain name
Yeap hey presto.
So when we going to get the apparmor profile sorted?
-
Got it finally working. What I did was reinstall everything in expert-mode. When asking for the systemname go back and select manually install networking. Enter your IP, gateway and DNS server. After that enter your systemname (e.g. zentyal) and then your domainname (e.g. mydomain.lan). then proceed as normal, selecting all the modules you want. In the initial setup enter the domainname exactly as you did before. That's it. Now I can join Win7 and WinXP.
My problem was that zentyal did not change the initial domainname (zentyal-domain.lan) to my domainname, so in Samba REALM was still set to zentyal-domain.lan and WORKGROUP to mydomain.
For me this works.
Hope this will help a bit.
Regards Peter.
-
Hi Peter,
thanks, I already did this - I always install within expert mode, as I do require some special RAID settings ... :-) Of Course, Samba Realm and Domain name are exactly the same, in my case it is (like within zentyal 2.2 before) myname.dyndns.org
Best regards
Thorsten
-
Hello,
Even afther an installation with option expert mode its still does not work with my 64 bit version of Zentyal release 3.0.8.
Not possible to join a Windows 7 client or an Windows Xp client to my domain.
I think we have to wate untill the ticket is solved.
Best regards,
Ian
-
Hi
I fear (think) so, too. Anyway,
I am using 64 bit, too. Also I personally found the 64 bit release of version 2.2 to be much more buggy than the 32 bit version.
Stuartiannaylor, what do you use 32 or 64 bit?
I guess, I will give 32 bit a trial - maybe this is less buggy for 3.0.x, too ... What a waste of souped up server hardware - my two processors will die of boredom. ;D
Best regards
Thorsten
-
evening
have just installed Zentyal 3.0 64bit on the hp microserver (the install failed on hp ml350 & 370 though) and then attached to the 'zentyal-domain.lan' using a win7 64bit workstation and logged in with a roaming profile, no vm's used in this test. I guess my setup is similar to peter_b who has also got this working, if it's not working why not list your setup options used.
-
jase,
It works fine now. The only issue I have is when adding a new user I have to restart the Filesharing module to enable roaming profiles for this new user. But that's not a major problem, I can live with it.
Best regards
Peter.
-
Peter
thats a new one on me, I don't have that problem, the roaming profiles are roaming (but on zentyal <3.06 from memory, it was not working for me, seemed to be a permission issue on the folder therefore not saving on the server) but I do have the home folder not being automatically mapped which has almost consistently not mapped for me.
regards
jase
-
Hi Jase,
what system options shall I post? :-X By the way, my problem is exactly described here, too:
http://forum.zentyal.org/index.php/topic,13394.0.html (http://forum.zentyal.org/index.php/topic,13394.0.html)
Best regards
Thorsten
Yes, of course, I get the time from the zentyal NTP
-
morning thorsten
i ended up installing in a VM because i was getting the impression by other posters that zentyal had gone into a phase of not working. the steps taken are broadly noted here: http://forum.zentyal.org/index.php/topic,13171.msg54633.html#msg54633 (http://forum.zentyal.org/index.php/topic,13171.msg54633.html#msg54633)
bear in mind i'm just trying to prove to myself if zentyal works as desired in a basic setup, then progress from there.
from memory the things that i think, were catching me out: set the time zone to a major city in your time zone to make ntp work, must set a fixed ip for zentyal (not dhcp and try to fix later), for win7 to join the domain you use the 'realm' name stated in Zentyal file sharing (as the domain name). i typically use the administrator account (with pass changed) to join the domain, i have not worked out how to make the zentyal dns work in my setup so i put the servers ip address as a dns server on the win7 clients net adapter. i suggest getting it working in a basic mode to prove to yourself it will work then personalize to your needs.
i'm in the office most of the morning, so should be around...
-
DNS setting for clients :o
This is hopefully provided by Zentyal DHCP server, of course ;)
I don't understand concerns about DHCP.
Basic set-up would mean, IMHO, that Zentyal's internal NIC is set as "static" so that you can run here DHCP server for internal clients (this will provide, along with IP address, default gateway, domain, search domain, DNS, NTP...)
External NIC can be either fixed IP or DHCP client.
-
morning thorsten
....
i'm in the office most of the morning, so should be around...
Hi Jase,
did exactly as described - even made shure that both maschines are on the same time - (watching the watches on both monitors as machines are close to each other).
-> No change, I give up. I gut further Linux issues to solve on several machines.... :(
best regards
-
Hello,
See my last post [solved]samba4.
The is an explanation of how to join windows7 clients in the domain.
Best regards,
Ian