Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Kevinsky86

Pages: [1]
Directory and Authentication / Re: AD Stop Working on Windows 11 22H2
« on: December 21, 2022, 10:03:03 am »

I just want to inform you that Ubuntu has released the packages that fix the Windows 11 bug with Samba, so if you did not apply any of the proposal workarounds, you just need to update your system packages.

Best regards, Daniel Joven.

Yes I can confirm Samba update installed and then 22h2 works fine, never applied any workarounds.

Directory and Authentication / Re: AD Stop Working on Windows 11 22H2
« on: December 19, 2022, 06:20:21 pm »
See that mentioned package on launchpad 2:4.13.17~dfsg-0ubuntu1.20.04.2 is offered as update to Zentyal. (7 and 6)
Will test this out of production hours.

Directory and Authentication / Re: AD Stop Working on Windows 11 22H2
« on: November 07, 2022, 12:20:12 pm »
Hello guys,

We have written a new entry in the official documentation where we propose a workaround until Zentyal 8.0 is released or Samba fixes the bug in Ubuntu 20.04. Below you have the links:

* English:
* Spanish:

For more information about the status of this issue and the comments from peptoniET, please, read the following answers.


Best regards, Daniel Joven.

So the workaround involves setting up an entire extra domain controller?
That seems more then a little ham-fisted to me.  :)

Samba cannot be just updated for this on a component level?

There's talk on backporting the fix on ubuntu:
We need to wait for this?

What is the timeline on Zentyal 8 currently?

I'm running into this right now but am currently just electing not to update to W11 22h2. I really feel there has to be a better way.

Directory and Authentication / Re: Zentyal 7, can't create or edit GPO's
« on: February 25, 2021, 02:34:57 pm »
After running "samba-tool ntacl sysvolreset" i could edit and create group policy objects.

We have since decided to just start to migrate to Zentyal 7, and just recreate everything on a new domain without actually migrating anything.

We will ambandon this dual server setup, and just build one new box that does it all.

Installed a fresh Zentyal 7 machine. (KVM vm on Proxmox cluster)

Functionally OK, put a computer in the domain.
Can log in, create users and all that.

However with RSAT if I try to do anything with the default GPO, or create additional ones it gives me an "access denied" error.
I am a member of both Domain Admins (which IMO is what i need for GPO changes) and Schema admins group.

Tried to create a new user account that I also bombarded Domain admin.
Can log in as this user just fine but also cannot change any GPO's under this new user.

I feel like this should just work out of the box, no? Or am i missing something?

Edit: I also used my acount to put this computer in the domain to begin with.

Yesterday evening I tried updating my Zentyal 6.1.2 (or so) to at least the lastest 6.1.x, if possible 6.2.
However after I sucessfully ran the first batch of updates the machine refused to boot. Just after post I got a black screen with high CPU usage but barely any memory usage and nothing happening other then that, even though I left it like that for about 15 minutes.

For the moment i'm not super interested in troubleshooting why this happened, even though that's obviously super weird. I still have this dead VM which I will peruse at a later moment.

Unable to fix this and a dead DC obviously beeing a issue, I restored a virtual machine backup (Zentyal runs in KVM/QEMU VM on a Proxmox cluster) I made prior to running the updates, and booted that instead.

However, now when I create a user on the PDC in Zentyal's web interface or with "samba-tool user create" on the command line, the user cannot log on in the domain, and the user does not show up on the BDC which is our file server (this is another Zentyal VM), nor does it show up in the Active Directory tree when looked at with RSAT.
The only place it DOES show up in the Zentyal interface of the PDC itself.

At first I thought something in sync broke somehow and started troubleshooting this angle, but changes from our fileserver/BDC do propagate back to to the Domain Controller/PDC (including new users). And I can't find any problems with syncronisation itself when running tools like "samba-tool drs showrepl" and forcing it with "samba-tool drs replicate <rest of the synthax>". These all pass without error.
Also when I create a user directly in the AD tree using RSAT it shows up on both machines and these crededentials can subsequently also be used to log onto the network.

Where can I look to start troubleshooting this matter? I'm all out of ideas for the moment, i've been wresteling with this issue all day.
I don't really care all too much about the web interface not working but especially "samba-tool user" is used to automate this that and the other.

I have since concluded the problem is not the sync... I will open a new topic, in de correct forum subsection.

For the sake of full disclosure should anybody google for this:,35124.0.html

User changes made FROM said file server do seem to sync over.

Also running samba-tool drs replicate fileserver.domain.lan dc.domain.lan CN=Configuration,DC=Domainname,DC=lan --full-sync ran successfully on the BDC. (and didnt sync the test user i created)

Tried updating our Zentyal 6.1 DC today. However it failed and it no longer boots.
For now i'm not really interested in why that happened.
I restored the entire virtual machine from a backup i made just before I started the updates, but now the sync to the BDC seems to be broken. New users i make on the PDC will not sync over to the BDC. (which is our file server)
Both of these machines are Zentyal 6.1.

I can't find anything in any samba log on the BDC, nor do i find worrying messages when i look at for example samba-tool drs showrepl.

Can log in with said new account on a pc just fine.

Any advice on things to try?

I had some mild headaches around getting Zentyal shares accessible via alternative DNS names so I thought i'd write up a quick how to for anybody else running into this.

Situation beeing, i've got two zentyal boxes, one is a DC/authentication server, another one is supposed to just handle file shares but talk to DC for authentication and whatnot.
It's worth noting at this point Zentyal does not handle DNS requests outside of what is in it's own domain. (my firewall does DNS and just forwards all domain related requests to the zentyal DC)

Upon setting up a share i noticed //servername/share would work fine but replacing server name with anything else spawns an error upon wanting to access a share directory. (something about incorrect parameter)
This box will be replacing an older system with a different name so for legacy purposes I really want it to also work under alternative names.

So samba wants to explicitly know it's aliases, though the "netbios aliases" setting.
This needs to be defined in the samba configuration file.
If you google how to do this on a Zentyal box (as you can't just edit a config file and expect this to survive updates changes or even reboots) you will quickly find a "configuration files" page ( implying this is where you put your custom appendages.
This didn't do anything for me. (what does this do?)

I had to create a "stub" of the actual smb configuration file as described here under section stub:
So basicly

sudo mkdir /etc/zentyal/stubs
sudo mkdir /etc/zentyal/stubs/samba
sudo cp /usr/share/zentyal/stubs/samba/smb.conf.mas /etc/zentyal/stubs/samba
nano /etc/zentyal/stubs/samba/smb.conf.mas

And add "netbios aliases = space seperated names you want to use" under the "netbios name" value which should contain the name you've origionally given it.

Save this, restart, and bob is your uncle.

Pages: [1]