Recent Posts

Pages: 1 ... 8 9 [10]
91
Installation and Upgrades / Re: What is the difference Between Iaas VS Paas
« Last post by JonathanTest on August 17, 2019, 11:25:22 am »
IaaS delivers Cloud Computing infrastructure, including things such as servers, network, operating systems, and storage, through virtualization technology. ... As opposed to SaaS or PaaS, IaaS clients are responsible for managing aspects such as applications, runtime, OSes, middleware, and data.Detailed comparasion is here: https://docsbay.net/saas-vs-paas-vs-iaas-what-s-the-difference-and-how-to-choose Hope it helps!
92
Installation and Upgrades / Re: Active Directory domain name [SOLVED]
« Last post by aaloise on August 16, 2019, 08:12:50 pm »
Does it actually work? Shoould I set it to true or to 1? The value present is 0.
93
Hello,
I'm new to Zentyal and Windows AD, and I've just installed Zenytal 6.0 as a standalone Domain Controller (hostname master, domain insieme.lan) with roaming profiles enabled.

I successfully joined a Windows 10 VM to the domain (INSIEME) and created a new domain user (alex) with romaing profile (\\master.INSIEME.LAN\profiles\alex), and I have the same problem: GPO's are not applied on user logon.

I followed your suggestion and created the above registry keys, but it did not help.

Moreover, after I modified the default domain policy (I set password expiration to 42 days) and rebooted the W10 client, the roaming profile stopped working: on logon windows now complains about a problem with mobile profile and uses a saved local profile.

The event viewer says that User profile service is unable to access the server copy of the mobile profile, but the profile dir (/home/samba/profiles/alex and /home/samba/profiles/alex.V6) are still there (they were created by Windows on first logon), and I can access the profile path \\master.INSIEME.LAN\profiles\alex and \\master.INSIEME.LAN\profiles\alex.V6 using Explorer when logged in as user 'alex', so I cannot understand why Windows cannot find the profile.

I also created a "\\*\PROFILES" key similar to "\\*\SYSVOL" and "\\*\NETLOGON" above, but again with no result.
I also appended ",RequireIntegrity=0,RequirePrivacy=0" (from this post https://blogs.technet.microsoft.com/leesteve/2017/08/09/demystifying-the-unc-hardening-dilemma/) to the keys value, but nothing helped.

Does anyone have any suggestion?

Thanks,
Alessandro


 

94
Hi!

Thanks again for the advise.

I have run the manual replication a few times now.

Unfortunately the error still shows up from the Windows DC
Quote
Active Directory Domain Services Replication encountered the existence of objects in the following partition that have been deleted from the local domain controllers (DCs) Active Directory Domain Services database.  Not all direct or transitive replication partners replicated in the deletion before the tombstone lifetime number of days passed.  Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects".
 
 
Source domain controller:
4e851e84-f1a2-4f88-a252-ce2fc2dc40f5._msdcs.company.com <--- this is the Zentyal DC-

Object:
DC=122\0ADEL:e6508b9b-c06f-420f-b2a0-87ebff728ee5,CN=Deleted Objects,DC=ForestDnsZones,DC=company,DC=com
Object GUID:
e6508b9b-c06f-420f-b2a0-87ebff728ee5  This event is being logged because the source DC contains a lingering object which does not exist on the local DCs Active Directory Domain Services database.  This replication attempt has been blocked.


Meanwhile samba-tool drs showrepl shows no errors

Quote
root@torvmdcz01:~# samba-tool drs showrepl
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:torvmdcz01.company.com[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name torvmdcz01.company.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name torvmdcz01.company.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name torvmdcz01.company.com<0x20>
CA-TOR-SITE\TORVMDCZ01
DSA Options: 0x00000001
DSA object GUID: 4e851e84-f1a2-4f88-a252-ce2fc2dc40f5
DSA invocationId: 7c54fa1e-166c-4354-87d9-5ab7c04a5d30

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=company,DC=com
        CA-TOR-SITE\TORVMDC01 via RPC
                DSA object GUID: 0ca674bc-46aa-4647-9658-b76d75b5dc42
                Last attempt @ Thu Aug 15 11:07:18 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Thu Aug 15 11:07:18 2019 EDT

DC=company,DC=com
        CA-TOR-SITE\TORVMDC01 via RPC
                DSA object GUID: 0ca674bc-46aa-4647-9658-b76d75b5dc42
                Last attempt @ Thu Aug 15 11:09:06 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Thu Aug 15 11:09:06 2019 EDT

DC=company,DC=com
        G-SITE\GARSGVMDC01 via RPC
                DSA object GUID: 982d5579-19f2-4388-b86a-4262de974456
                Last attempt @ Thu Aug 15 11:09:25 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Thu Aug 15 11:09:25 2019 EDT

DC=company,DC=com
        TW-SG-SITE\GARTYNVMDC01 via RPC
                DSA object GUID: 35f096bf-779d-4e86-a78d-94df0bee08e3
                Last attempt @ Thu Aug 15 11:09:04 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Thu Aug 15 11:09:04 2019 EDT

CN=Schema,CN=Configuration,DC=company,DC=com
        CA-TOR-SITE\TORVMDC01 via RPC
                DSA object GUID: 0ca674bc-46aa-4647-9658-b76d75b5dc42
                Last attempt @ Thu Aug 15 11:07:22 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Thu Aug 15 11:07:22 2019 EDT

DC=DomainDnsZones,DC=company,DC=com
        CA-TOR-SITE\TORVMDC01 via RPC
                DSA object GUID: 0ca674bc-46aa-4647-9658-b76d75b5dc42
                Last attempt @ Thu Aug 15 11:07:20 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Thu Aug 15 11:07:20 2019 EDT

DC=DomainDnsZones,DC=company,DC=com
        TW-SG-SITE\GARTYNVMDC01 via RPC
                DSA object GUID: 35f096bf-779d-4e86-a78d-94df0bee08e3
                Last attempt @ Thu Aug 15 11:08:04 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Thu Aug 15 11:08:04 2019 EDT

CN=Configuration,DC=company,DC=com
        CA-TOR-SITE\TORVMDC01 via RPC
                DSA object GUID: 0ca674bc-46aa-4647-9658-b76d75b5dc42
                Last attempt @ Thu Aug 15 11:07:22 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Thu Aug 15 11:07:22 2019 EDT

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=company,DC=com
        CA-TOR-SITE\TORVMDC01 via RPC
                DSA object GUID: 0ca674bc-46aa-4647-9658-b76d75b5dc42
                Last attempt @ Thu Aug 15 11:06:20 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Thu Aug 15 11:06:20 2019 EDT

DC=company,DC=com
        CA-TOR-SITE\TORVMDC01 via RPC
                DSA object GUID: 0ca674bc-46aa-4647-9658-b76d75b5dc42
                Last attempt @ Thu Aug 15 11:05:04 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Thu Aug 15 11:05:04 2019 EDT

CN=Schema,CN=Configuration,DC=company,DC=com
        CA-TOR-SITE\TORVMDC01 via RPC
                DSA object GUID: 0ca674bc-46aa-4647-9658-b76d75b5dc42
                Last attempt @ Tue Aug 13 15:32:07 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Tue Aug 13 15:32:07 2019 EDT

DC=DomainDnsZones,DC=company,DC=com
        CA-TOR-SITE\TORVMDC01 via RPC
                DSA object GUID: 0ca674bc-46aa-4647-9658-b76d75b5dc42
                Last attempt @ Thu Aug 15 11:08:06 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Thu Aug 15 11:08:06 2019 EDT

CN=Configuration,DC=company,DC=com
        CA-TOR-SITE\TORVMDC01 via RPC
                DSA object GUID: 0ca674bc-46aa-4647-9658-b76d75b5dc42
                Last attempt @ Thu Aug 15 11:02:54 2019 EDT was successful
                0 consecutive failure(s).
                Last success @ Thu Aug 15 11:02:54 2019 EDT

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 7d472401-ab78-4c4c-9ae5-4056aafb87c3
        Enabled        : TRUE
        Server DNS name : TORVMDC01.company.com
        Server DN name  : CN=NTDS Settings,CN=TORVMDC01,CN=Servers,CN=CA-TOR-SITE,CN=Sites,CN=Configuration,DC=company,DC=com
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!

To me it seems as though MS AD is checking for consistency inside the deleted Items folders but Samba AD is disregarding that folder.

95
Installation and Upgrades / Re: Set up a unified sharing time
« Last post by aresko on August 15, 2019, 12:09:27 pm »
Việc chuyển sang quy tắc giá thống nhất và đấu giá giá đầu tiên thống nhất sẽ giúp các đối tác của chúng tôi đơn giản hóa cách họ quản lý doanh thu quảng cáo và tăng tính minh bạch cho mọi người trong hệ sinh thái.
Dafont Showbox Adam4adam
96
Installation and Upgrades / Re: Domain IP issue after upgrading from Zentyal 4 to 6
« Last post by aresko on August 15, 2019, 12:08:26 pm »
hm.... why running /usr/sbin/samba --foreground --debug-stderr --no-process-group doesn't fail and allows to use samba?
Sarkari Result Pnr Status 192.168.l.l
97
Other modules / Re: DNS with diffrent ip address
« Last post by cnbx on August 15, 2019, 07:13:06 am »
  :-[ Could you explain me your system topology extensely (a detailed graphic would be appreciated) and the problem one more time? I'm re-reading the topic and I fear I don't have understood rightly your issue.  :-[

Really, to keep a process  reading the dhcp leases in order to execute an script based on the samba-tool doesn't seems to me the better of the fixes. (Besides, Zentyal webadmin doesn't reflects these DNS records created by samba-tool)
However, the more I think about it the more i'm convinced that you should search the solution on the Ebox API.
(Obviously this task is undistinguisable of fixing the Zentyal dynamic dns bug) O_o

In relation with the possibility of using another DNS server, be conscious that the Zentyal Domain Controller has to be the DNS server (Samba4 manages the DNS server itself) so, you don't have to install another DNS server, ( it solves anything ). Simply you have to configure DDNS on the BIND9 of the Zentyal Samba4 implementation and the Zentyal DHCP without breaking them (nor Zentyal)
Remember that you have to modify the needed parameters on the Zentyal stubs. (read this: https://doc.zentyal.org/es/appendix-c.html#stubs )
I would like to try this this week end. I'll tell you about it!
Cheers!

topology

i just want user from wireless can join domain, hence from you statement by default if we configure zentyal as domain control it must be include dns in zentyal it self..?

but dhcp server from zentyal to simple, if we have multiple ip address with multiple class it can be done using multiple nic it is correct ...?


Thanks and Regards
98
 :)

Hi!

Try to synchronize all the domain controllers:

https://wiki.samba.org/index.php/Manually_Replicating_Directory_Partitions (use the --full-sync flag)

afterwards:

Code: [Select]
samba-tool drs showrepl
Could be you'll have to repeat this process many times until showrepl willn't show errors.

cheers!
99
Other modules / Re: [SOLVED] Zentyal 6.0: Modules States page , Logs page : broken
« Last post by doncamilo on August 14, 2019, 09:42:25 pm »
Great!  :)

Could you please to document it here?
I would like to understand it!

Regards!
100
Other modules / Re: DNS with diffrent ip address
« Last post by doncamilo on August 14, 2019, 09:38:05 pm »
  :-[ Could you explain me your system topology extensely (a detailed graphic would be appreciated) and the problem one more time? I'm re-reading the topic and I fear I don't have understood rightly your issue.  :-[

Really, to keep a process  reading the dhcp leases in order to execute an script based on the samba-tool doesn't seems to me the better of the fixes. (Besides, Zentyal webadmin doesn't reflects these DNS records created by samba-tool)
However, the more I think about it the more i'm convinced that you should search the solution on the Ebox API.
(Obviously this task is undistinguisable of fixing the Zentyal dynamic dns bug) O_o

In relation with the possibility of using another DNS server, be conscious that the Zentyal Domain Controller has to be the DNS server (Samba4 manages the DNS server itself) so, you don't have to install another DNS server, ( it solves anything ). Simply you have to configure DDNS on the BIND9 of the Zentyal Samba4 implementation and the Zentyal DHCP without breaking them (nor Zentyal)
Remember that you have to modify the needed parameters on the Zentyal stubs. (read this: https://doc.zentyal.org/es/appendix-c.html#stubs )
I would like to try this this week end. I'll tell you about it!
Cheers!
Pages: 1 ... 8 9 [10]