Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Installation and Upgrades / Re: GPO permission problems following upgrade from 3.3 to 3.4
« on: June 05, 2014, 04:36:02 pm »
I have the same issue with a clean install of version 3.4.3.
It was not working on my two servers.
PDC had all the scripts, BDC had no gpo / scripts.
Step1:
Reset needs to be done on both servers.
sudo samba-tool ntacl sysvolreset
Step2:
Do a manual sync on the empty server.
sudo net rpc share migrate files sysvol -k --destination=zyal01.ICT.LAN -S zyal03.ICT.LAN --acls -U "ICT.LAN\\dcadmin"
It is a good workarround but not a solution.. is there a solution? I have opened a bug request but no answer...
It was not working on my two servers.
PDC had all the scripts, BDC had no gpo / scripts.
Step1:
Reset needs to be done on both servers.
sudo samba-tool ntacl sysvolreset
Step2:
Do a manual sync on the empty server.
sudo net rpc share migrate files sysvol -k --destination=zyal01.ICT.LAN -S zyal03.ICT.LAN --acls -U "ICT.LAN\\dcadmin"
It is a good workarround but not a solution.. is there a solution? I have opened a bug request but no answer...
2
Installation and Upgrades / zentyal 3.4.3 sysvol replication not working (GPO's)
« on: May 16, 2014, 04:15:01 pm »
Hi,
I installed one PDC and a additional domain controller(ZENTYAL Community Edition 3.4.3).
The replication of the SYSVOL directory was not working to the additional domain controller.
Until I did:
sudo samba-tool ntacl sysvolreset on both servers.
and then
sudo net rpc share migrate files sysvol -k --destination=zyal01.ICTAD.LAN -S zyal03.ICTAD.LAN --acls -U "ICTAD.LAN\\dcadmin"
When creating new GPO in the zentyal web interface this GPO is not synced in the SYSVOL folder on the PDC and the addional domain controller.
So the GPO will also not working on the devices which are joined in the domain and where the GPO is assigned to.
Error found with sudo samba-tool ntacl sysvolcheck
When I check less /var/log/zentyal/zentyal.log
So it means everytime I create a new GPO i need to do a
This can not be normal...
How can I fix this?
Kr,
Joeri
I installed one PDC and a additional domain controller(ZENTYAL Community Edition 3.4.3).
The replication of the SYSVOL directory was not working to the additional domain controller.
Until I did:
sudo samba-tool ntacl sysvolreset on both servers.
and then
sudo net rpc share migrate files sysvol -k --destination=zyal01.ICTAD.LAN -S zyal03.ICTAD.LAN --acls -U "ICTAD.LAN\\dcadmin"
When creating new GPO in the zentyal web interface this GPO is not synced in the SYSVOL folder on the PDC and the addional domain controller.
So the GPO will also not working on the devices which are joined in the domain and where the GPO is assigned to.
Error found with sudo samba-tool ntacl sysvolcheck
Code: [Select]
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO file /var/lib/samba/sysvol/ictad.lan/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER/Scripts/Logon/login - Copy.bat O:BAG:DUD:(A;;0x001f01ff;;;DA)(A;;0x001f01ff;;;EA)(A;;0x001f01ff;;;BA)(A;;0x001f01ff;;;SY)(A;;0x001200a9;;;AU)(A;;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
lp)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1695, in checksysvolacl
direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1646, in check_gpos_acl
domainsid, direct_db_access)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1603, in check_dir_acl
raise ProvisioningError('%s ACL on GPO file %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), os.path.join(root, name), fsacl_sddl, acl))
When I check less /var/log/zentyal/zentyal.log
Code: [Select]
2014/05/16 15:47:24 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal/psgi/zentyal.psgi (pid: 13262) - /usr/bin/test -f '/ictad.lan/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Scripts/Logon//ictad.lan/Policies/{31B2F340-
016D-11D2-945F-00C04FB984F9}/User/Scripts/Logon/login.bat'
2014/05/16 15:47:42 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal-samba/s4sync (pid: 29336) - /sbin/status 'zentyal.s4sync'
2014/05/16 15:47:42 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal-samba/s4sync (pid: 29336) - /sbin/status 'samba-ad-dc'
2014/05/16 15:47:42 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal-samba/s4sync (pid: 29336) - /sbin/status 'nmbd'
2014/05/16 15:47:43 WARN> zentyal.psgi:43 main::__ANON__ - Use of uninitialized value in concatenation (.) or string at /usr/share/perl5/EBox/Samba/GPO/Scripts.pm line 365.
2014/05/16 15:47:43 WARN> zentyal.psgi:43 main::__ANON__ - Use of uninitialized value $basename in concatenation (.) or string at /usr/share/perl5/EBox/Samba/Model/GPOScriptsLogin.pm line 53.
2014/05/16 15:47:44 DEBUG> Sudo.pm:189 EBox::Sudo::_root - /usr/share/zentyal/psgi/zentyal.psgi (pid: 13262) - /usr/bin/test -f '/ictad.lan/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Scripts/Logon//ictad.lan/Policies/{31B2F340-
016D-11D2-945F-00C04FB984F9}/User/Scripts/Logon/login - Copy.bat'So it means everytime I create a new GPO i need to do a
Code: [Select]
sudo samba-tool ntacl sysvolreset on both domain controllers before it works.This can not be normal...
How can I fix this?
Kr,
Joeri
3
Installation and Upgrades / Additional domain controller questions
« on: April 11, 2014, 04:06:27 pm »
Hi,
We have setup a DC zentyal domain controller which is hosting the domain.
After that we added an additional domain controller.
I read in an article that the additional domain controller is a SAMBA3 is this true?
What happens if the master domain controller fails? With a remote affiliate with an additional domain controller. Can the remote affiliate login?
How is sites an subnets handled in Zentyal.
Kr,
Joeri
We have setup a DC zentyal domain controller which is hosting the domain.
After that we added an additional domain controller.
I read in an article that the additional domain controller is a SAMBA3 is this true?
What happens if the master domain controller fails? With a remote affiliate with an additional domain controller. Can the remote affiliate login?
How is sites an subnets handled in Zentyal.
Kr,
Joeri
4
Installation and Upgrades / Best way to implement zentyal samba domain in multiple locations
« on: March 27, 2014, 09:58:42 pm »
Hi,
Currently we don't have an active directory domain and looking in to configuring a zentyal (samba) domain. Our company has multiple sites.
Is it possible with zentyal to have one domain controller in each site for one domain like in AD?
Or have a parent zentyal DC at central location with child DC (sub domains) at the other sites?
Is there a way in zentyal (samba) to use Administrative control? Example users from group A can administrer OU BELGIUM and users from group B can administer OU France.
Kr,
Joeri
Currently we don't have an active directory domain and looking in to configuring a zentyal (samba) domain. Our company has multiple sites.
Is it possible with zentyal to have one domain controller in each site for one domain like in AD?
Or have a parent zentyal DC at central location with child DC (sub domains) at the other sites?
Is there a way in zentyal (samba) to use Administrative control? Example users from group A can administrer OU BELGIUM and users from group B can administer OU France.
Kr,
Joeri
Pages: [1]