Messages - eboxbuggy

1
Installation and Upgrades / Re: Restore backup during install
« on: December 04, 2010, 08:42:07 am »
Just taking a wild swing at this ... how about cloning the entire root partition?
So here's what I want to do:

I have a PXE/imaging server configured to remote install Zentyal onto hardware.

I want to be able to take an existing Zentyal install, backup the server configuration (not the data), and then push that configuration to new servers via PXE installation. Ideally, this process would be automated (i.e. the config is backed up nightly to the PXE server).

I have different solutions in place (drbd and iSCSI SAN storage) to deal with the data.

It looks like Zentyal uses duplicity to back up its configs, but there doesn't seem to be a lot of documentation on what's in those configs. What I really need is a way to combine a Zentyal duplicity backup with a "fresh" Zentyal install.

So here are my questions:

Just to clarify, it looks like all the data is stored in /home. Is that accurate?

Is anything hardware-specific in a Zentyal backup?

Does anyone have any advice for combining a Zentyal backup with a Zentyal install?



2
At least pgarcia you have your computers created in LDAP. servidor$ and casa$ ... any computer name I make does not get added.

I made two of the XP VM computer names "servidor" and "casa" LOL didn't work either ... probably since mi ordenador no entiende español LOL ;D

edit: used google translate

3
tail -n 20 /var/log/syslog
Code:
Dec  4 15:14:16 PDCSERVER smbd_audit: user1|192.168.1.x|disconnect|ok|IPC$
Dec  4 15:14:16 PDCSERVER slapd[2623]: connection_read(13): no connection!
Dec  4 15:14:16 PDCSERVER slapd[2623]: connection_read(13): no connection!
Dec  4 15:14:17 PDCSERVER slapd[2623]: <= bdb_equality_candidates: (uid) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (uid) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: last message repeated 2 times
Dec  4 15:14:17 PDCSERVER slapd[2623]: <= bdb_equality_candidates: (sambaSID) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (uid) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (memberUid) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (uniqueMember) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (uniqueMember) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2623]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2623]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2623]: last message repeated 5 times
Dec  4 15:14:17 PDCSERVER smbd_audit: user1|192.168.1.x|connect|ok|IPC$
Dec  4 15:14:17 PDCSERVER slapd[2623]: <= bdb_equality_candidates: (uid) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (uid) not indexed
Dec  4 15:14:17 PDCSERVER slapd[2599]: <= bdb_equality_candidates: (uid) not indexed
Dec  4 15:14:17 PDCSERVER smbd_audit: user1|192.168.1.x|disconnect|ok|IPC$
Dec  4 15:14:17 PDCSERVER slapd[2623]: connection_read(13): no connection!
tail /var/log/messages
Code:
Dec  4 15:14:16 PDCSERVER smbd_audit: user1|192.168.1.x|connect|ok|IPC$
Dec  4 15:14:16 PDCSERVER smbd_audit: user11|192.168.1.x|disconnect|ok|IPC$
Dec  4 15:14:17 PDCSERVER smbd_audit: user11|192.168.1.x|connect|ok|IPC$
Dec  4 15:14:17 PDCSERVER  smbd_audit: user1|192.168.1.x|disconnect|ok|IPC$

4
eboxbuggy

Sorry it is not working out. Did you update your 2.0 installation? I used aptitude from the command prompt to do the upgrade of package information and then did the update from the Zentyal web interface.
Yes I did all upgrades both on GUI and CLI

It still sounds like an admin rights issue. Just to confirm if that is the problem could you please show a section of your LDAP output. This is done by using the slapcat -l <ldif out filename> from the command prompt. We need to see the ou=Computer entry and that should indicate that the Domain Admins are the ones with permission so show the Domain Admins entry and then show the entry for the user that you are using to add in the computer. Please post logs from the server as well not just from the PC.
Yes it seems the XP Workstations do not recognize the users as "DOMAIN ADMINS". Aside from this I think one of the reasons why it doesn't work is that LDAP refuses to create the "CLIENT WORKSTATION" (winxp-client$). Manually adding these does not work: smbldap-useradd -w -i computer-name

COMPUTERS
Quote
# Computers, ldap.server
dn: ou=Computers,dc=ldap,dc=server
ou: Computers
objectClass: organizationalUnit
DOMAIN ADMIN
Quote
# Domain Admins, Groups, ldap.server
dn: cn=Domain Admins,ou=Groups,dc=ldap,dc=server
cn: Domain Admins
gidNumber: 512
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: eboxGroup
memberUid: user1
memberUid: user2
displayName: Domain Admins
sambaGroupType: 2
sambaSID: S-1-1-12-1234567890-123456789-1234567890-512
ADMINISTRATOR
Quote
# Administrators, Groups, ldap.server
dn: cn=Administrators,ou=Groups,dc=ldap,dc=server
cn: Administrators
gidNumber: 544
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: eboxGroup
memberUid: user1
memberUid: user2
displayName: Administrators
sambaGroupType: 5
sambaSID: S-1-1-12-544
USER1
Quote
# user1, Users, ldap.server
dn: uid=user1,ou=Users,dc=ldap,dc=server
cn: XP Admin
uid: user1
sn: Admin
loginShell: /bin/bash
uidNumber: 2003
gidNumber: 1901
homeDirectory: /home/user1
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: passwordHolder
objectClass: sambaSamAccount
eboxSha1Password: {SHA}/4UYBy6LjMknx5sbDaoVkBTVLmA=
eboxMd5Password: {MD5}c8jbnP1BLrmCG+YIFd7wtA==
eboxLmPassword: DC5926EC70745A46AAD3B435B51404EE
eboxNtPassword: 6AF7AC71414E614500FE2F3E353BC37A
eboxDigestPassword: {MD5}IyoSB7+tJk/gzG2A1R/PqQ==
eboxRealmPassword: {MD5}232a1207bfad264fe0cc6d80d51fcfa9
givenName: XP
sambaProfilePath: \\SERVER\profiles\user1
sambaHomePath: \\SERVER\homes\user1
sambaSID: S-1-1-12-1234567788990-123456789-1234567890-5006
sambaPrimaryGroupSID: S-1-1-12-1234567890-123456789-1234567890-513
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1291280759
sambaKickoffTime: 2147483647
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
sambaAcctFlags:
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaPwdCanChange: 0
USERS GROUP
Quote
# Domain Users, Groups, ldap.server
dn: cn=Domain Users,ou=Groups,dc=ldap,dc=server
cn: Domain Users
gidNumber: 513
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: eboxGroup
memberUid: user1
memberUid: user2
displayName: Domain Users
sambaGroupType: 2
sambaSID: S-1-1-12-1234567890-123456789-1234567890-513

5
got the same error ...

use 1.4 dude lol  :P domain logins work perfectly with our setup

6
Well it looks like it still doesn't work bamalam ...  ???

Edited the admin users, and created new ones with PAM ENABLED, gave them /bin/bash login shell. Tried /bin/sh too but that didn't work either.

Still getting ACCESS DENIED
Code:
12/02 14:57:43 NetpDoDomainJoin
12/02 14:57:43 NetpMachineValidToJoin: 'XPTEST'
12/02 14:57:43 NetpGetLsaPrimaryDomain: status: 0x0
12/02 14:57:43 NetpMachineValidToJoin: status: 0x0
12/02 14:57:43 NetpJoinDomain
12/02 14:57:43 Machine: XPTEST
12/02 14:57:43 Domain: DOMAIN
12/02 14:57:43 MachineAccountOU: (NULL)
12/02 14:57:43 Account: DOMAIN\admin1
12/02 14:57:43 Options: 0x27
12/02 14:57:43 OS Version: 5.1
12/02 14:57:43 Build number: 2600
12/02 14:57:43 ServicePack: Service Pack 3
12/02 14:57:43 NetpValidateName: checking to see if 'DOMAIN' is valid as type 3 name
12/02 14:57:43 NetpCheckDomainNameIsValid [ Exists ] for 'DOMAIN' returned 0x0
12/02 14:57:43 NetpValidateName: name 'DOMAIN' is valid for type 3
12/02 14:57:43 NetpDsGetDcName: trying to find DC in domain 'DOMAIN', flags: 0x1020
12/02 14:57:43 NetpDsGetDcName: found DC '\\PDCSERVER' in the specified domain
12/02 14:57:43 NetpJoinDomain: status of connecting to dc '\\PDCSERVER': 0x0
12/02 14:57:43 NetpGetLsaPrimaryDomain: status: 0x0
12/02 14:57:43 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\PDCSERVER'
12/02 14:57:43 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
12/02 14:57:43 NetpLsaOpenSecret: status: 0xc0000034
12/02 14:57:43 NetpGetLsaPrimaryDomain: status: 0x0
12/02 14:57:43 NetpLsaOpenSecret: status: 0xc0000034
12/02 14:57:43 NetpManageMachineAccountWithSid: NetUserAdd on '\\PDCSERVER' for 'XPTEST$' failed: 0x5
12/02 14:57:43 NetpJoinDomain: status of creating account: 0x5
12/02 14:57:43 NetpJoinDomain: initiaing a rollback due to earlier errors
12/02 14:57:43 NetpLsaOpenSecret: status: 0x0
12/02 14:57:43 NetpJoinDomain: rollback: status of deleting secret: 0x0
12/02 14:57:43 NetpJoinDomain: status of disconnecting from '\\PDCSERVER': 0x0
12/02 14:57:43 NetpDoDomainJoin: status: 0x5

7
Potential Fix to the Problem

I had the same problem as eboxbuggy but with a LDAP master and Samba PDC master configuration - note that the heading on this post says Samba PDC Slave. I was getting Access denied as well but my first mistake was using a regular Linux login with superuser privileges.
.

Thanks for the info bamalam ... will try this one out with a new install. I upgraded my old installation and it somehow borked everything on my LDAP Master. Will post the bugs in a new thread.  ;D


8
Actually, the idea of the subscription + support is to save the sysadmin time and avoid risks in production deployments. In the webpage and the official offering we clearly state that the free version is meant for testing environments. If you put the community version of Zentyal in a production environment, it is under your own criteria and risk.
I still do have this version 2 on VM for testing. Borked my server with 1.4 when I upgraded from 1.2 so I learned my lesson from that.

US$255 subscription + US$645 support per year? Which I would probably use 1-2x in a year? Thanks but I'll just stick with 1.4 in the meantime.

I don't know about the others here but personally I think it would be nice to have a working distribution in exchange for all the BUG TESTING we are doing for you.

Isn't that the concept of having a community version? We tell you the problem, you fix it, and charge other people for it.

You get something ... we get something too.  ;)

9
Yeah this thing is supposed to work OOB  ::)

Anyway, I'll try to go with your "ALL-IN-ONE" box design. Will just change my logon scripts to bind the other file server shares.

more overtime work for me without pay :o

edit: nvm ... lol

10
loginShell: /bin/false

Shouldn't it have a viable shell? Or is it not related to the documentation??

# Set a valid shell like 'bash' in "Users and Groups -> LDAP Settings"
# The above change will only affect the users we create from now on.
Hmmm ... the /bin/false was default for adding the machine account. I did the machine adding manually.

If you setup LDAP & Samba manually with a different distribution you need to add the machine account. You probably didn't do this when you had yours working right?
Code:
smbldap-useradd -w client-winxp
edit: I found a site that said to add a -i option in addmachine script of smb.conf but it always reverted to the default when I restart it. So I did this again manually but still failed
Code:
smbldap-useradd -i -w client-winxp

11
hmmm ... guess it still is buggy ... no upgrades yet for me then :-\

C:\Windows\debug\NetSetup.log
Code:
11/19 18:29:24 -----------------------------------------------------------------
11/19 18:29:24 NetpValidateName: checking to see if 'DOMAIN' is valid as type 3 name
11/19 18:29:24 NetpCheckDomainNameIsValid [ Exists ] for 'DOMAIN' returned 0x0
11/19 18:29:24 NetpValidateName: name 'DOMAIN' is valid for type 3
11/19 18:29:33 -----------------------------------------------------------------
11/19 18:29:33 NetpDoDomainJoin
11/19 18:29:33 NetpMachineValidToJoin: 'CLIENT-WINXP1'
11/19 18:29:33 NetpGetLsaPrimaryDomain: status: 0x0
11/19 18:29:33 NetpMachineValidToJoin: status: 0x0
11/19 18:29:33 NetpJoinDomain
11/19 18:29:33 Machine: CLIENT-WINXP1
11/19 18:29:33 Domain: DOMAIN
11/19 18:29:33 MachineAccountOU: (NULL)
11/19 18:29:33 Account: DOMAIN\user1
11/19 18:29:33 Options: 0x25
11/19 18:29:33 OS Version: 5.1
11/19 18:29:33 Build number: 2600
11/19 18:29:33 ServicePack: Service Pack 3
11/19 18:29:33 NetpValidateName: checking to see if 'DOMAIN' is valid as type 3 name
11/19 18:29:33 NetpCheckDomainNameIsValid [ Exists ] for 'DOMAIN' returned 0x0
11/19 18:29:33 NetpValidateName: name 'DOMAIN' is valid for type 3
11/19 18:29:33 NetpDsGetDcName: trying to find DC in domain 'DOMAIN', flags: 0x1020
11/19 18:29:33 NetpDsGetDcName: found DC '\\PDCSERVER' in the specified domain
11/19 18:29:33 NetpJoinDomain: status of connecting to dc '\\PDCSERVER': 0x0
11/19 18:29:33 NetpGetLsaPrimaryDomain: status: 0x0
11/19 18:29:33 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\PDCSERVER'
11/19 18:29:33 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
11/19 18:29:33 NetpLsaOpenSecret: status: 0xc0000034
11/19 18:29:33 NetpGetLsaPrimaryDomain: status: 0x0
11/19 18:29:33 NetpLsaOpenSecret: status: 0xc0000034
11/19 18:29:34 Failed to validate machine account for CLIENT-WINXP1 against \\PDCSERVER: 0xc000006d
11/19 18:29:34 NetpJoinDomain: w9x: status of validating account: 0x52e
11/19 18:29:34 NetpJoinDomain: initiaing a rollback due to earlier errors
11/19 18:29:34 NetpLsaOpenSecret: status: 0x0
11/19 18:29:34 NetpJoinDomain: rollback: status of deleting secret: 0x0
11/19 18:29:34 NetpJoinDomain: status of disconnecting from '\\PDCSERVER': 0x0
11/19 18:29:34 NetpDoDomainJoin: status: 0x52e
11/19 18:29:34 -----------------------------------------------------------------
11/19 18:29:34 NetpDoDomainJoin
11/19 18:29:34 NetpMachineValidToJoin: 'CLIENT-WINXP1'
11/19 18:29:34 NetpGetLsaPrimaryDomain: status: 0x0
11/19 18:29:34 NetpMachineValidToJoin: status: 0x0
11/19 18:29:34 NetpJoinDomain
11/19 18:29:34 Machine: CLIENT-WINXP1
11/19 18:29:34 Domain: DOMAIN
11/19 18:29:34 MachineAccountOU: (NULL)
11/19 18:29:34 Account: DOMAIN\user1
11/19 18:29:34 Options: 0x27
11/19 18:29:34 OS Version: 5.1
11/19 18:29:34 Build number: 2600
11/19 18:29:34 ServicePack: Service Pack 3
11/19 18:29:34 NetpValidateName: checking to see if 'DOMAIN' is valid as type 3 name
11/19 18:29:34 NetpCheckDomainNameIsValid [ Exists ] for 'DOMAIN' returned 0x0
11/19 18:29:34 NetpValidateName: name 'DOMAIN' is valid for type 3
11/19 18:29:34 NetpDsGetDcName: trying to find DC in domain 'DOMAIN', flags: 0x1020
11/19 18:29:34 NetpDsGetDcName: found DC '\\PDCSERVER' in the specified domain
11/19 18:29:34 NetpJoinDomain: status of connecting to dc '\\PDCSERVER': 0x0
11/19 18:29:34 NetpGetLsaPrimaryDomain: status: 0x0
11/19 18:29:34 NetpGetNt4RefusePasswordChangeStatus: trying to read from '\\PDCSERVER'
11/19 18:29:34 NetpGetNt4RefusePasswordChangeStatus: RefusePasswordChange == 0
11/19 18:29:34 NetpLsaOpenSecret: status: 0xc0000034
11/19 18:29:34 NetpGetLsaPrimaryDomain: status: 0x0
11/19 18:29:34 NetpLsaOpenSecret: status: 0xc0000034
11/19 18:29:34 NetpManageMachineAccountWithSid: NetUserAdd on '\\PDCSERVER' for 'CLIENT-WINXP1$' failed: 0x5
11/19 18:29:34 NetpJoinDomain: status of creating account: 0x5
11/19 18:29:34 NetpJoinDomain: initiaing a rollback due to earlier errors
11/19 18:29:34 NetpLsaOpenSecret: status: 0x0
11/19 18:29:34 NetpJoinDomain: rollback: status of deleting secret: 0x0
11/19 18:29:34 NetpJoinDomain: status of disconnecting from '\\PDCSERVER': 0x0
11/19 18:29:34 NetpDoDomainJoin: status: 0x5
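
Added example (not part of the original post): a Python script that splits a NetSetup.log like the one above into join attempts, decodes the status values, and reports which step first produced the final error. The function names are hypothetical, the sample lines are copied from the log above, and the code-to-name table uses the standard Windows error names.

```python
import re

# Standard Windows names for the status values that occur in the log above.
STATUS_NAMES = {0x5: "ERROR_ACCESS_DENIED", 0x52E: "ERROR_LOGON_FAILURE",
                0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
                0xC000006D: "STATUS_LOGON_FAILURE"}
LINE_RE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) (.*)$")
# Result-bearing lines only; "Options: 0x27" and "flags: 0x1020" do not match.
STATUS_RE = re.compile(r"\b(?:status|[Ff]ailed|returned)\b.*?(0x[0-9a-fA-F]+)$")
def describe(code):
    return "%s (0x%x)" % (STATUS_NAMES.get(code, "unknown"), code)

def parse_join_attempts(text):
    """Split NetSetup.log text into join attempts and locate the failing step."""
    attempts, cur = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()
        if msg == "NetpDoDomainJoin":  # start marker of one attempt
            cur = {"start": ts, "account": None, "errors": [],
                   "final": None, "failed_step": None}
            attempts.append(cur)
            continue
        if cur is None:
            continue
        if msg.startswith("Account: "):
            cur["account"] = msg[len("Account: "):]
        s = STATUS_RE.search(msg)
        if not s:
            continue
        code = int(s.group(1), 16)
        if msg.startswith("NetpDoDomainJoin: status:"):
            cur["final"] = code
            # Failing step: first line that reported the final status code.
            cur["failed_step"] = next((e for e in cur["errors"] if e[0] == code), None)
        elif code != 0:
            cur["errors"].append((code, msg))
    return attempts

# Lines copied from the NetSetup.log in the post above (two attempts, trimmed).
SAMPLE = r"""11/19 18:29:33 NetpDoDomainJoin
11/19 18:29:33 Account: DOMAIN\user1
11/19 18:29:33 Options: 0x25
11/19 18:29:34 Failed to validate machine account for CLIENT-WINXP1 against \\PDCSERVER: 0xc000006d
11/19 18:29:34 NetpJoinDomain: w9x: status of validating account: 0x52e
11/19 18:29:34 NetpDoDomainJoin: status: 0x52e
11/19 18:29:34 NetpDoDomainJoin
11/19 18:29:34 Account: DOMAIN\user1
11/19 18:29:34 NetpManageMachineAccountWithSid: NetUserAdd on '\\PDCSERVER' for 'CLIENT-WINXP1$' failed: 0x5
11/19 18:29:34 NetpDoDomainJoin: status: 0x5"""
for a in parse_join_attempts(SAMPLE):
    print(a["start"], a["account"], describe(a["final"]), "<-", a["failed_step"][1])
```

Run over the full log, the first attempt ends in a logon failure while validating an existing machine account and the second in access denied while creating one, which separates the two problems discussed in this thread.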


12
well off to bed ...

here's the latest log
/var/log/samba/client-winxp1
Code:
[2010/11/18 23:32:39,  0] rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: failed to get machine password for account CLIENT-WINXP1$: NT_STATUS_ACCESS_DENIED
[2010/11/18 23:32:51,  0] lib/util_sock.c:539(read_fd_with_timeout)
[2010/11/18 23:32:51,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2010/11/18 23:33:40,  0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
  get_md4pw: Workstation CLIENT-WINXP1$: no account in domain
[2010/11/18 23:33:40,  0] rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: failed to get machine password for account CLIENT-WINXP1$: NT_STATUS_ACCESS_DENIED

ldapsearch
Code:
# CLIENT-WINXP1$, Computers, ldap.server
dn: uid=CLIENT-WINXP1$,ou=Computers,dc=ldap,dc=server
objectClass: top
objectClass: account
objectClass: posixAccount
cn: CLIENT-WINXP1$
uid: CLIENT-WINXP1$
uidNumber: 2022
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
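
Added example (not part of the original post): the Samba log above reports "no account in domain" for CLIENT-WINXP1$ although ldapsearch returns an entry, and Samba's LDAP passdb backend looks accounts up through the sambaSamAccount object class, which the entry shown does not carry. The Python check below flags machine accounts in an LDIF dump that lack the Samba attributes; the function names are hypothetical, the second sample entry and its SID are constructed, and the parser assumes unfolded, non-base64 LDIF as posted here.

```python
def parse_ldif(text):
    """Parse unfolded, non-base64 LDIF into a list of {attr: [values]} dicts."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:
        line = line.strip()
        if not line:  # a blank line ends the current entry
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            attr, sep, value = line.partition(":")
            if sep:
                cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit_machine_accounts(entries):
    """Return {uid: [problems]} for machine accounts ('$' suffix) Samba cannot use."""
    findings = {}
    for e in entries:
        uid = e.get("uid", [""])[0]
        if not uid.endswith("$"):
            continue
        problems = []
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "sambasamaccount" not in classes:
            problems.append("missing objectClass sambaSamAccount")
        if not e.get("sambasid"):
            problems.append("missing sambaSID")
        if "W" not in "".join(e.get("sambaacctflags", [])):
            problems.append("sambaAcctFlags lacks W (workstation trust)")
        if problems:
            findings[uid] = problems
    return findings

# First entry: taken from the ldapsearch output in the post above.
# Second entry: constructed for contrast; its SID is a made-up value.
SAMPLE = """\
# CLIENT-WINXP1$, Computers, ldap.server
dn: uid=CLIENT-WINXP1$,ou=Computers,dc=ldap,dc=server
objectClass: top
objectClass: account
objectClass: posixAccount
uid: CLIENT-WINXP1$
uidNumber: 2022
gidNumber: 515

dn: uid=EXAMPLE-PC$,ou=Computers,dc=ldap,dc=server
objectClass: posixAccount
objectClass: sambaSamAccount
uid: EXAMPLE-PC$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3001
sambaAcctFlags: [W          ]
"""

print(audit_machine_accounts(parse_ldif(SAMPLE)))
```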

13
i could be wrong, but do you have firewall activated on xp or zentyal or in between them?
tried it on a fresh xp sp3 vm ... no firewall, no av on both ???

accessing the shares works fine with the username/password
Code:
\\192.168.1.x\testshare
xp somehow does not recognize the user as a domain admin/administrator
everything seems to work though if i do an ldap search

smbldap-groupshow "Administrators"
Code:
dn: cn=Administrators,ou=Groups,dc=ldap,dc=server
cn: Administrators
gidNumber: 544
objectClass: posixGroup,sambaGroupMapping,eboxGroup
memberUid: user1,user2
displayName: Administrators
sambaGroupType: 5
sambaSID: S-1-1-12-123

smbldap-groupshow "Domain Admins"
Code:
dn: cn=Domain Admins,ou=Groups,dc=ldap,dc=server
cn: Domain Admins
gidNumber: 512
objectClass: posixGroup,sambaGroupMapping,eboxGroup
memberUid: user1,user2
displayName: Domain Admins
sambaGroupType: 2
sambaSID: S-1-1-12-1234567890-1234567-123456789-123

14
hmmm ... that's cool. let me know if domain logins work ... am having problems adding XP workstations to the samba PDC  :o

15
saw this link in ubuntu forum but it didn't work
http://ubuntuforums.org/showthread.php?t=1196622
