Topics - einarha

1
Directory and Authentication / Linux and FreeBSD clients
« on: January 07, 2020, 11:50:17 am »
Besides our Windows servers that connect to Zentyal with Active Directory, we also have
many FreeBSD and Linux servers that connect to Zentyal with basic LDAP (sssd and nslcd).

To get "true" Unix behavior with User Private Groups, we create a group with the same name
as the user, and set that as the primary group of the user (using gidNumber, not primaryGroupID).

To do this with Zentyal I have to use an external editor to edit the LDAP attributes, because
a) Zentyal won't allow me to create a group with the same name as an existing user and
b) I can't change the gidNumber in Zentyal UI

I don't like having to manage users in two places (Zentyal UI and external LDAP editor) and the
process seems overly complicated. Is there a way to achieve what I want using only the Zentyal
UI?
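
Added example, not part of the original post: a small Python audit of the User Private Groups convention described above, meant to be run over an LDIF export after gidNumber has been edited by hand. The sample data, the DNs, the function names, and the assumption that accounts carry a uid attribute while groups carry only cn (RFC 2307 style) are illustrative and may not match the attribute layout of a given Zentyal directory.

```python
# Constructed sample export; DNs, names and numbers are made up for illustration.
SAMPLE_LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=lan
uid: alice
gidNumber: 2001

dn: cn=alice,ou=Groups,dc=example,dc=lan
cn: alice
gidNumber: 2001

dn: uid=bob,ou=Users,dc=example,dc=lan
uid: bob
gidNumber: 1901

dn: cn=bob,ou=Groups,dc=example,dc=lan
cn: bob
gidNumber: 2002

dn: uid=carol,ou=Users,dc=example,dc=lan
uid: carol
gidNumber: 2003
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, no base64 values) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def audit_upg(entries):
    """Map each account that breaks the User Private Group rule to the reason."""
    # Assumption: accounts carry a uid attribute, groups carry cn but no uid.
    groups = {e["cn"][0]: e["gidnumber"][0] for e in entries if "uid" not in e}
    problems = {}
    for e in (e for e in entries if "uid" in e):
        user, gid = e["uid"][0], e["gidnumber"][0]
        if user not in groups:
            problems[user] = "no group named after the user"
        elif groups[user] != gid:
            problems[user] = f"gidNumber {gid} != group gidNumber {groups[user]}"
    return problems

if __name__ == "__main__":
    print(audit_upg(parse_ldif(SAMPLE_LDIF)))
```

An account that still points at a shared group after a manual edit (bob in the sample) keeps group-level access to files the private-group layout was meant to isolate, so the mismatch case is the one to look for first.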

2
Directory and Authentication / Corrupt db?
« on: November 21, 2019, 11:37:40 pm »
I inherited two Zentyal servers, one PDC and one BDC. They started life as somewhere around Zentyal 4, but through a rough life of upgrades and clean installs have ended up as the PDC running 5.1 and the BDC running 6.1. The problem is that only a few of the users in the domain are being replicated to the BDC. We have around 50 users in the domain but only about 15 are replicated, and it's all users created in the last year or so. Another thing I've noticed is that if I add a user to a group on the PDC, in the textbox for the user to add, the interface shows me a list of users which matches the users that are actually replicated to the BDC.

So it seems to me that users that were created before some change have been corrupted in some way. They can be used to authenticate, but they aren't replicated to the BDC and Zentyal won't show them when offering a list of users to add to a group.

I also see a lot of

Discarding older DRS linked attribute update to member

in the logs.

I ran
# samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes
which found and fixed a lot of errors, but the symptoms still remain. I tried restarting
samba-ad-dc.service but nothing. I haven't tried restarting zs out of fear of what might
happen since I only have one working DC now. Anyone with a possible cause and/or solution
other than spinning up two new servers and starting over?
