On Thu, 07 Jun 2018 08:54:51 +0200 Henry Jensen wrote:> > Am 6. Juni 2018 19:55:52 MESZ schrieb Mark Foley via samba <samba at lists.samba.org>: > >I am running Samba 4.4.16 on Slackware64 14.2. I have a domain member > >Windows 7 workstation. I > >upgraded the hardware on this computer a couple of weeks ago. I deleted > >the computer from > >the domain, the re-joined after finishing the upgrade. > > > >This computer show in the list with 'samba-tool group listmembers > >"Domain Computers"', but does > >not show up in ADUC > Computers. I've removed and re-joined the > >domain, but that didn't fix > >the problem. > > > Samba 4.4.x is EOL as far as Samba is conerned. Also Slackware doesn't have PAM. > > You may want to consider my up-to-date Samba and PAM packages for Slackware64 > 14.2 at https://connochaetos.org/slack-n-free/pam64-14.2/ > > > Kind regards, > > HenryWell, I'm having a number of problems including Group Policies not working, loss of redirected desktop and so on. I'd really like to get these resolved as I need to connect more domain member workstations. So, I guess I'll upgrade to a more current version of Samba and see if that helps. The version I'm using is the most recent available for my Slackware distribution. The next version in the pending Slackware release is 4.8.2. I may try that first. Actually, I may try your package as it is targeted to Slackware. I am using Ivandi's PAM on the Linux domain members. I had no problems with the initial 4.1 version and Group Policies when installed back in 2014. Still had no problem in 2016 with Samba 4.2.12 when the most recent user was added. That user was able to log on the first time and get her redirected desktop. We've not added new users or workstations since then until starting last November/December when we upgraded workstations and in some cased created new Windows workstations from scratch with the installation DVD. Since that time none of the existing users logging onto their workstations can get their redirected desktops. I have to manually change the desktop location. Nor do they get their own desktops when logging into workstations other than their own. It "feels" like something bad happened to Group Policy management between 4.2.12 and 4.4.16. When the workstation tried to connect I get the Event Log error: 'General' error: "The processing of Group Policy Failed. Windows could not apply the registry-based policy settings for the Group Policy object LDAP;//CN=Machine,cn={B78D19CB-914B-48F4-AA63-FD8708A55ED7},cn=policies,cn=system,DC=hprs,DC=local. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure." Event details says, "Access is denied". However, the Domain Administrator *is* able to get its redirected desktop regardless of which workstation it logs into. If anyone has any insight into this, please reply. Meanwhile, I'll update Samba. --Mark
Am Thu, 07 Jun 2018 11:36:57 -0400 schrieb Mark Foley via samba <samba at lists.samba.org>:> So, I guess I'll upgrade to a more current version of Samba and see > if that helps. The version I'm using is the most recent available for > my Slackware distribution. The next version in the pending Slackware > release is 4.8.2. I may try that first. Actually, I may try your > package as it is targeted to Slackware. I am using Ivandi's PAM on > the Linux domain members.This is one point where I don't understand Patrick Volkerding's decision. He updates every major server package for years, and when a version comes to End-of-Life he jumps to the next version. But not so with samba. Im my test environmnt I run Slackware with Samba 4.8.2 as one of two DC's (without FSMO roles, they are on the Debian based DC) and it works. However, this is only a test environment. I haven't decided yet, if I will base the production DC's on Debian with Louis's or Tranquil's packages or base them on Slackware with self-built packages. Maybe I will keep a mix of both, in case something wents wrong. Although I heard, that mixing Distros as DC's is a bad idea.> When the workstation tried to connect I get the Event Log error: > > 'General' error: "The processing of Group Policy Failed. Windows > could not apply the registry-based policy settings for the Group > Policy object > LDAP;//CN=Machine,cn={B78D19CB-914B-48F4-AA63-FD8708A55ED7},cn=policies,cn=system,DC=hprs,DC=local. > Group Policy settings will not be resolved until this event is > resolved. View the event details for more information on the file > name and path that caused the failure." > > Event details says, "Access is denied". However, the Domain > Administrator *is* able to get its redirected desktop regardless of > which workstation it logs into. If anyone has any insight into this, > please reply. Meanwhile, I'll update Samba.I would check the permissions of the sysvol folder as seen from a Windows Workstation. Additionally https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-set-sysvol.sh might be helpful. Kind egards, Henry
On Sat, 9 Jun 2018 22:58:11 +0200 Henry Jensen <hjensen at mailbox.org> wrote:> Hi Mark, > > Am Sat, 09 Jun 2018 16:22:09 -0400 > schrieb Mark Foley <mfoley at ohprs.org>: > > > I've downloaded the Samba 4.8.2 package from the Slackware64 current > > repository. I am preparing to install the package (after a full > > backup). Are there any gotcha's you know about that I should be aware > > of when upgrading the package from 4.4.16? I know that on one upgrade > > various .mdb files got moved to different directories which screwed > > me up for a while. > > > > THX --Mark > > It is not advisable to run a binary package from Slackware current on > Slackware 14.2 - the gap between 14.2 and current is pretty big > now, so there is a good chance, the package won't work. > > But you can grab the source files along with the SlackBuild script from > http://ftp.slackware.com/pub/slackware/slackware-current/source/n/samba/ > and rebuild Samba on Slackware 14.2. > > As far as the ugrade is concerned: I don't know. The best advice would > be, to test it first on a non-productive Server.Henry - thanks. I've built from source, as you suggested. Things seems to be running as per usual, although those things that were not working well before are still not working well. I'll post new messages about my issues, but at least I have a more up-to-date version of Samba running. --Mark