On Mon, 22 Jun 2020 11:46:55 +0100 Rowland penny via samba <samba at lists.samba.org> wrote:> On 22/06/2020 11:33, Enrico Morelli wrote: > > [global] > > dns forwarder = 150.217.1.32 > > netbios name = FIORGEN7 > > realm = CERM.UNIFI.IT > > server role = active directory domain controller > > workgroup = CERM > > idmap_ldb:use rfc2307 = yes > > vfs objects = acl_xattr > > map acl inherit = yes > Remove the last two lines, they have no place on a DC and in fact you > have turned off one of the required vfs objects.Done.> > [homes] > > path = /home/win_shares/homes > > read only = no > > I would rename [homes] to [users], [homes] is a special share that > does not require the 'path' parameter and normally uses the users > Unix directory path and you are using a Windows user home directory > path.Done. All seems to be hard. Now I'm able to see security tab, but when I select it the application crash. I tried to set profile but when I open Active Directory Users and Computers I receive: Naming information cannot be located for the following reason: The server is not operational. :-(( -- ----------------------------------------------------------- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY ------------------------------------------------------------
On 22/06/2020 13:50, Enrico Morelli wrote:> On Mon, 22 Jun 2020 11:46:55 +0100 > Rowland penny via samba <samba at lists.samba.org> wrote: > >> On 22/06/2020 11:33, Enrico Morelli wrote: >>> [global] >>> dns forwarder = 150.217.1.32 >>> netbios name = FIORGEN7 >>> realm = CERM.UNIFI.IT >>> server role = active directory domain controller >>> workgroup = CERM >>> idmap_ldb:use rfc2307 = yes >>> vfs objects = acl_xattr >>> map acl inherit = yes >> Remove the last two lines, they have no place on a DC and in fact you >> have turned off one of the required vfs objects. > Done. > >>> [homes] >>> path = /home/win_shares/homes >>> read only = no >> I would rename [homes] to [users], [homes] is a special share that >> does not require the 'path' parameter and normally uses the users >> Unix directory path and you are using a Windows user home directory >> path. > Done. > > All seems to be hard. Now I'm able to see security tab, but when I > select it the application crash. > > I tried to set profile but when I open Active Directory Users and > Computers I receive: Naming information cannot be located for the > following reason: The server is not operational. > > :-(( > >Firewall or Apparmor or Selinux getting in the way ? Rowland
On Mon, 22 Jun 2020 13:54:38 +0100 Rowland penny via samba <samba at lists.samba.org> wrote:> On 22/06/2020 13:50, Enrico Morelli wrote: > > On Mon, 22 Jun 2020 11:46:55 +0100 > > Rowland penny via samba <samba at lists.samba.org> wrote: > > > >> On 22/06/2020 11:33, Enrico Morelli wrote: > >>> [global] > >>> dns forwarder = 150.217.1.32 > >>> netbios name = FIORGEN7 > >>> realm = CERM.UNIFI.IT > >>> server role = active directory domain controller > >>> workgroup = CERM > >>> idmap_ldb:use rfc2307 = yes > >>> vfs objects = acl_xattr > >>> map acl inherit = yes > >> Remove the last two lines, they have no place on a DC and in fact > >> you have turned off one of the required vfs objects. > > Done. > > > >>> [homes] > >>> path = /home/win_shares/homes > >>> read only = no > >> I would rename [homes] to [users], [homes] is a special share that > >> does not require the 'path' parameter and normally uses the users > >> Unix directory path and you are using a Windows user home directory > >> path. > > Done. > > > > All seems to be hard. Now I'm able to see security tab, but when I > > select it the application crash. > > > > I tried to set profile but when I open Active Directory Users and > > Computers I receive: Naming information cannot be located for the > > following reason: The server is not operational. > > > > :-(( > > > > > Firewall or Apparmor or Selinux getting in the way ? > > Rowland > > >Firewall is stopped, apparmon is removed and selinux isn't installed. -- ----------------------------------------------------------- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY ------------------------------------------------------------
On 6/22/2020 7:50 AM, Enrico Morelli via samba wrote:> > All seems to be hard. Now I'm able to see security tab, but when I > select it the application crash. >I could be wrong but, I had a similar experience, rather sporadic denials, W10 programs simply flashing and going away as quickly as they pop up. When I corrected the reverse dns for the workstation, these "odd" denials stopped and the (W10) request for admin permissions "pops" up properly. admin@[hostname]:~$ nslookup [hostname] Name:?? [your FQDN] Address: 192.168.16.54 admin@[hostname]:~$ nslookup 192.168.xxx.54 54.xxx.168.192.in-addr.arpa????? name =? [your FQDN] Both of these "nslookup's" should work for your workstation ip address and hostname. Perhaps this is your issue? (Maybe not?) -- Bob Wooden
On Mon, 22 Jun 2020 08:16:34 -0500 "Robert E. Wooden via samba" <samba at lists.samba.org> wrote:> On 6/22/2020 7:50 AM, Enrico Morelli via samba wrote: > > > > All seems to be hard. Now I'm able to see security tab, but when I > > select it the application crash. > > > I could be wrong but, I had a similar experience, rather sporadic > denials, W10 programs simply flashing and going away as quickly as > they pop up.The behavior is exactly this.> When I corrected the reverse dns for the workstation, > these "odd" denials stopped and the (W10) request for admin > permissions "pops" up properly. > > admin@[hostname]:~$ nslookup [hostname] > Name:?? [your FQDN] > Address: 192.168.16.54 > admin@[hostname]:~$ nslookup 192.168.xxx.54 > 54.xxx.168.192.in-addr.arpa????? name =? [your FQDN] > > Both of these "nslookup's" should work for your workstation ip > address and hostname. > > Perhaps this is your issue? (Maybe not?) >Unfortunately the nslookup gave the correct answers. -- ----------------------------------------------------------- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY ------------------------------------------------------------
On Mon, 22 Jun 2020 13:54:38 +0100 Rowland penny via samba <samba at lists.samba.org> wrote:> On 22/06/2020 13:50, Enrico Morelli wrote: > > On Mon, 22 Jun 2020 11:46:55 +0100 > > Rowland penny via samba <samba at lists.samba.org> wrote: > > > >> On 22/06/2020 11:33, Enrico Morelli wrote: > >>> [global] > >>> dns forwarder = 150.217.1.32 > >>> netbios name = FIORGEN7 > >>> realm = CERM.UNIFI.IT > >>> server role = active directory domain controller > >>> workgroup = CERM > >>> idmap_ldb:use rfc2307 = yes > >>> vfs objects = acl_xattr > >>> map acl inherit = yes > >> Remove the last two lines, they have no place on a DC and in fact > >> you have turned off one of the required vfs objects. > > Done. > > > >>> [homes] > >>> path = /home/win_shares/homes > >>> read only = no > >> I would rename [homes] to [users], [homes] is a special share that > >> does not require the 'path' parameter and normally uses the users > >> Unix directory path and you are using a Windows user home directory > >> path. > > Done. > > > > All seems to be hard. Now I'm able to see security tab, but when I > > select it the application crash. > > > > I tried to set profile but when I open Active Directory Users and > > Computers I receive: Naming information cannot be located for the > > following reason: The server is not operational. > > > > :-(( > > > > > Firewall or Apparmor or Selinux getting in the way ? > > Rowland > > >I updated Windows 10 to the latest update, removed the Windows PC from the domain and putted it again. Now Active Directory Users and Computers doesn't start. I'm unable to use Computer Management to perform the steps to set home directories because it crashes. I tried to set the homes using File explorer, going to the shared resources and creating the home directory but I receive that I haven't permission to create a folder under /home/win_shares/users. Before I added my account to Unix Admins and Domain Admins. I set log level to 10 but I'm unable to see if there is issues scrolling thousand of lines. I don't know what fish to catch anymore :-(( -- ----------------------------------------------------------- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY ------------------------------------------------------------