Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Directory and Authentication / [SOLVED] Zentyal 7, can't create or edit GPO's
« on: February 24, 2021, 12:21:11 pm »
Installed a fresh Zentyal 7 machine. (KVM vm on Proxmox cluster)
Functionally OK, put a computer in the domain.
Can log in, create users and all that.
However with RSAT if I try to do anything with the default GPO, or create additional ones it gives me an "access denied" error.
I am a member of both Domain Admins (which IMO is what i need for GPO changes) and Schema admins group.
Tried to create a new user account that I also bombarded Domain admin.
Can log in as this user just fine but also cannot change any GPO's under this new user.
I feel like this should just work out of the box, no? Or am i missing something?
Edit: I also used my acount to put this computer in the domain to begin with.
Functionally OK, put a computer in the domain.
Can log in, create users and all that.
However with RSAT if I try to do anything with the default GPO, or create additional ones it gives me an "access denied" error.
I am a member of both Domain Admins (which IMO is what i need for GPO changes) and Schema admins group.
Tried to create a new user account that I also bombarded Domain admin.
Can log in as this user just fine but also cannot change any GPO's under this new user.
I feel like this should just work out of the box, no? Or am i missing something?
Edit: I also used my acount to put this computer in the domain to begin with.
2
Directory and Authentication / PDC won't fully create new users in AD after machine is restored from backup.
« on: January 19, 2021, 05:36:26 pm »
Yesterday evening I tried updating my Zentyal 6.1.2 (or so) to at least the lastest 6.1.x, if possible 6.2.
However after I sucessfully ran the first batch of updates the machine refused to boot. Just after post I got a black screen with high CPU usage but barely any memory usage and nothing happening other then that, even though I left it like that for about 15 minutes.
For the moment i'm not super interested in troubleshooting why this happened, even though that's obviously super weird. I still have this dead VM which I will peruse at a later moment.
Unable to fix this and a dead DC obviously beeing a issue, I restored a virtual machine backup (Zentyal runs in KVM/QEMU VM on a Proxmox cluster) I made prior to running the updates, and booted that instead.
However, now when I create a user on the PDC in Zentyal's web interface or with "samba-tool user create" on the command line, the user cannot log on in the domain, and the user does not show up on the BDC which is our file server (this is another Zentyal VM), nor does it show up in the Active Directory tree when looked at with RSAT.
The only place it DOES show up in the Zentyal interface of the PDC itself.
At first I thought something in sync broke somehow and started troubleshooting this angle, but changes from our fileserver/BDC do propagate back to to the Domain Controller/PDC (including new users). And I can't find any problems with syncronisation itself when running tools like "samba-tool drs showrepl" and forcing it with "samba-tool drs replicate <rest of the synthax>". These all pass without error.
Also when I create a user directly in the AD tree using RSAT it shows up on both machines and these crededentials can subsequently also be used to log onto the network.
Where can I look to start troubleshooting this matter? I'm all out of ideas for the moment, i've been wresteling with this issue all day.
I don't really care all too much about the web interface not working but especially "samba-tool user" is used to automate this that and the other.
However after I sucessfully ran the first batch of updates the machine refused to boot. Just after post I got a black screen with high CPU usage but barely any memory usage and nothing happening other then that, even though I left it like that for about 15 minutes.
For the moment i'm not super interested in troubleshooting why this happened, even though that's obviously super weird. I still have this dead VM which I will peruse at a later moment.
Unable to fix this and a dead DC obviously beeing a issue, I restored a virtual machine backup (Zentyal runs in KVM/QEMU VM on a Proxmox cluster) I made prior to running the updates, and booted that instead.
However, now when I create a user on the PDC in Zentyal's web interface or with "samba-tool user create" on the command line, the user cannot log on in the domain, and the user does not show up on the BDC which is our file server (this is another Zentyal VM), nor does it show up in the Active Directory tree when looked at with RSAT.
The only place it DOES show up in the Zentyal interface of the PDC itself.
At first I thought something in sync broke somehow and started troubleshooting this angle, but changes from our fileserver/BDC do propagate back to to the Domain Controller/PDC (including new users). And I can't find any problems with syncronisation itself when running tools like "samba-tool drs showrepl" and forcing it with "samba-tool drs replicate <rest of the synthax>". These all pass without error.
Also when I create a user directly in the AD tree using RSAT it shows up on both machines and these crededentials can subsequently also be used to log onto the network.
Where can I look to start troubleshooting this matter? I'm all out of ideas for the moment, i've been wresteling with this issue all day.
I don't really care all too much about the web interface not working but especially "samba-tool user" is used to automate this that and the other.
3
Installation and Upgrades / PDC / BDC (user) sync broken after restore of PDC.
« on: January 18, 2021, 11:51:22 pm »
Tried updating our Zentyal 6.1 DC today. However it failed and it no longer boots.
For now i'm not really interested in why that happened.
I restored the entire virtual machine from a backup i made just before I started the updates, but now the sync to the BDC seems to be broken. New users i make on the PDC will not sync over to the BDC. (which is our file server)
Both of these machines are Zentyal 6.1.
I can't find anything in any samba log on the BDC, nor do i find worrying messages when i look at for example samba-tool drs showrepl.
Can log in with said new account on a pc just fine.
Any advice on things to try?
For now i'm not really interested in why that happened.
I restored the entire virtual machine from a backup i made just before I started the updates, but now the sync to the BDC seems to be broken. New users i make on the PDC will not sync over to the BDC. (which is our file server)
Both of these machines are Zentyal 6.1.
I can't find anything in any samba log on the BDC, nor do i find worrying messages when i look at for example samba-tool drs showrepl.
Can log in with said new account on a pc just fine.
Any advice on things to try?
4
Installation and Upgrades / Zentyal 6.1 share not accessible through DNS/Netbios alias.
« on: June 03, 2020, 05:54:33 pm »
I had some mild headaches around getting Zentyal shares accessible via alternative DNS names so I thought i'd write up a quick how to for anybody else running into this.
Situation beeing, i've got two zentyal boxes, one is a DC/authentication server, another one is supposed to just handle file shares but talk to DC for authentication and whatnot.
It's worth noting at this point Zentyal does not handle DNS requests outside of what is in it's own domain. (my firewall does DNS and just forwards all domain related requests to the zentyal DC)
Upon setting up a share i noticed //servername/share would work fine but replacing server name with anything else spawns an error upon wanting to access a share directory. (something about incorrect parameter)
This box will be replacing an older system with a different name so for legacy purposes I really want it to also work under alternative names.
So samba wants to explicitly know it's aliases, though the "netbios aliases" setting.
This needs to be defined in the samba configuration file.
If you google how to do this on a Zentyal box (as you can't just edit a config file and expect this to survive updates changes or even reboots) you will quickly find a "configuration files" page (https://wiki.zentyal.org/wiki/Configuration_Files) implying this is where you put your custom appendages.
This didn't do anything for me. (what does this do?)
I had to create a "stub" of the actual smb configuration file as described here under section stub: https://doc.zentyal.org/en/appendix-c.html.
So basicly
sudo mkdir /etc/zentyal/stubs
sudo mkdir /etc/zentyal/stubs/samba
sudo cp /usr/share/zentyal/stubs/samba/smb.conf.mas /etc/zentyal/stubs/samba
nano /etc/zentyal/stubs/samba/smb.conf.mas
And add "netbios aliases = space seperated names you want to use" under the "netbios name" value which should contain the name you've origionally given it.
Save this, restart, and bob is your uncle.
Situation beeing, i've got two zentyal boxes, one is a DC/authentication server, another one is supposed to just handle file shares but talk to DC for authentication and whatnot.
It's worth noting at this point Zentyal does not handle DNS requests outside of what is in it's own domain. (my firewall does DNS and just forwards all domain related requests to the zentyal DC)
Upon setting up a share i noticed //servername/share would work fine but replacing server name with anything else spawns an error upon wanting to access a share directory. (something about incorrect parameter)
This box will be replacing an older system with a different name so for legacy purposes I really want it to also work under alternative names.
So samba wants to explicitly know it's aliases, though the "netbios aliases" setting.
This needs to be defined in the samba configuration file.
If you google how to do this on a Zentyal box (as you can't just edit a config file and expect this to survive updates changes or even reboots) you will quickly find a "configuration files" page (https://wiki.zentyal.org/wiki/Configuration_Files) implying this is where you put your custom appendages.
This didn't do anything for me. (what does this do?)
I had to create a "stub" of the actual smb configuration file as described here under section stub: https://doc.zentyal.org/en/appendix-c.html.
So basicly
sudo mkdir /etc/zentyal/stubs
sudo mkdir /etc/zentyal/stubs/samba
sudo cp /usr/share/zentyal/stubs/samba/smb.conf.mas /etc/zentyal/stubs/samba
nano /etc/zentyal/stubs/samba/smb.conf.mas
And add "netbios aliases = space seperated names you want to use" under the "netbios name" value which should contain the name you've origionally given it.
Save this, restart, and bob is your uncle.
Pages: [1]