
Scott
Resolved
0 votes
I have ClearOS set up in a test environment. I am looking to see how it will work as a domain controller. Currently there is none. I have set it up as PDC and it all seems very straightforward, both in the ClearOS configuration as well as from what I've been reading in the "how to's".
My problem is when I go to join (either with Windows 7 Pro or Windows XP Pro) I can see the domain but I cannot connect to it with the winadmin account. I haven't been able to find any threads on this so I'm not sure if it's a winadmin issue or something else but everything seems very straightforward.

Thanks.
Thursday, February 14 2013, 10:05 PM
Responses (29)
  • Accepted Answer

    Friday, February 15 2013, 09:58 PM - #Permalink
    Resolved
    0 votes
    What error do you receive when you attempt to join? You could also try adding a user to the Windows administrator group, and connecting with that?

    Have you applied the Windows 7 registry tweaks?
  • Accepted Answer

    Scott
    Sunday, February 17 2013, 04:45 PM - #Permalink
    Resolved
    0 votes
    Thanks for the reply.

    When trying to join I am prompted with a log in and enter the winadmin user and pass that was set up in the configuration process. I then get the following from windows:

    "The following error occurred attempting to join the domain 'CLEARSYSTEM':
    The specified domain either does not exist or could not be contacted."

    I tried creating a new user and adding it to the windows admin group but that resulted in the same error. I also tried changing the password for winadmin just to be sure but it still gave the same error.
    Under the network config of the test system trying to join the ClearOS ip is listed as the DNS server and I can browse sites fine.
    I did add the registry tweaks supplied from SAMBA.
  • Accepted Answer

    georger
    Sunday, February 17 2013, 06:26 PM - #Permalink
    Resolved
    0 votes
    Scott wrote:
    Thanks for the reply.

    When trying to join I am prompted with a log in and enter the winadmin user and pass that was set up in the configuration process. I then get the following from windows:

    "The following error occurred attempting to join the domain 'CLEARSYSTEM':
    The specified domain either does not exist or could not be contacted."

    I tried creating a new user and adding it to the windows admin group but that resulted in the same error. I also tried changing the password for winadmin just to be sure but it still gave the same error.
    Under the network config of the test system trying to join the ClearOS ip is listed as the DNS server and I can browse sites fine.
    I did add the registry tweaks supplied from SAMBA.

    Is WINS running on the server? Is the client configured to point to it (you can do this via DHCP)?

    Please see Dave Loper's guidance.

    Georger
  • Accepted Answer

    Scott
    Monday, February 18 2013, 06:50 PM - #Permalink
    Resolved
    0 votes
    WINS Support is enabled.

    I have manually placed the Windows 7 Pro system I am using to test the connection into the same subnet, although the mask was open to allow multiple subnets.

    nbstat -A fails as an unrecognized command. I can ping both the domain name and the server name but neither result in the ClearOS IP.
    It returns a: 67.215.65.132 address. ?
  • Accepted Answer

    georger
    Monday, February 18 2013, 09:09 PM - #Permalink
    Resolved
    0 votes
    Scott wrote:
    WINS Support is enabled.

    I have manually placed the Windows 7 Pro system I am using to test the connection into the same subnet, although the mask was open to allow multiple subnets.

    nbstat -A fails as an unrecognized command. I can ping both the domain name and the server name but neither result in the ClearOS IP.
    It returns a: 67.215.65.132 address. ?

    The command name is nbtstat, not nbstat; a t is missing. And don't forget the IP address at the end.

    It looks like there is something wrong with your DNS setup. Is your Win7 client pointing to your COS server for DNS? It should not be pointing to an outside DNS server; it must point to your COS box, which in turn forwards outbound DNS queries to the appropriate external DNS servers.
  • Accepted Answer

    Scott
    Monday, February 18 2013, 10:10 PM - #Permalink
    Resolved
    0 votes
    The client is using COS as DNS and can browse internet.

    With the correct nbtstat command run from the win 7 client, it returns both the server name and the windows domain name as registered.

    In this test set up COS is not acting as DHCP or gateway. Would that cause a conflict?
  • Accepted Answer

    georger
    Monday, February 18 2013, 11:59 PM - #Permalink
    Resolved
    0 votes
    Scott wrote:
    The client is using COS as DNS and can browse internet.

    With the correct nbtstat command run from the win 7 client, it returns both the server name and the windows domain name as registered.

    In this test set up COS is not acting as DHCP or gateway. Would that cause a conflict?

    I don't see how using a static configuration rather than DHCP could cause a conflict. Because if you've configured all parameters correctly - IP address, subnet mask, default gateway, primary DNS, domain name, primary WINS - it's the same as DHCP, just more cumbersome to manage.

    So I'm stumped. That's all there is to it: apply the registry changes, reboot, configure networking parameters so that DNS and WINS work correctly, then join the domain. It just works. I have more than 100 clients at 3 different sites, XP/Vista/7 x86/x64 - and it just works.

    The only thing that springs to mind is - have you tried this with v5? I had some trouble with the early v6 release and only plan to try it again after 6.4 is released, so I don't know how well Windows Networking works on v6. v5 on the other hand has been rock solid from day one.

    Georger
  • Accepted Answer

    Scott
    Tuesday, February 19 2013, 12:18 AM - #Permalink
    Resolved
    0 votes
    Would the gateway need to be set as COS? It doesn't seem like it would need to be....

    This has been my confusion. It seems to be such a simplified process yet it just won't log in to join the domain. COS has no firewall set up to block it.

    Radius is running. Could that be an issue with connecting to the winadmin account? Maybe an issue with LDAP?
  • Accepted Answer

    georger
    Tuesday, February 19 2013, 12:54 AM - #Permalink
    Resolved
    0 votes
    Scott wrote:
    Would the gateway need to be set as COS? It doesn't seem like it would need to be....

    This has been my confusion. It seems to be such a simplified process yet it just won't log in to join the domain. COS has no firewall set up to block it.

    Radius is running. Could that be an issue with connecting to the winadmin account? Maybe an issue with LDAP?

    No, it is not necessary to set the gateway to the COS box. None of my sites is configured that way, and they work just fine. The servers and the clients are on the same subnet and configured correctly, so they wouldn't even need a gateway - in fact, a pet 4th site (some ~5 clients) didn't even have a router until some time ago.

    I don't really see how RADIUS could be interfering. About LDAP, do you see any errors in /var/log/messages ?

    Here's a last-resort suggestion: create a smallish v5 VM (e.g. 10 GB disk, 512 MB RAM) and test Windows Networking on it. Quick, simple, no cost - worth a try.
  • Accepted Answer

    Saturday, February 17 2018, 04:04 PM - #Permalink
    Resolved
    0 votes
    I am having troubles connecting Windows 10 boxes to my V7.4 ClearOS box. I have the Windows 10 Domain Logons enabled in Windows Networking, does that mean I do or do not need to have the Windows 7 Registry hacks implemented?

    Also I have noticed if you enable the "Windows 10 Domain Logons" the "WINS" box is emptied? Should I edit etc/samba/smb.conf and add in either the IP address or name of the COS Server against the "Wins Server = " setting?

    Any help appreciated.

    Siv
  • Accepted Answer

    Saturday, February 17 2018, 08:42 PM - #Permalink
    Resolved
    0 votes
    I don't use domains, but I have never heard of anyone needing to edit smb.conf and what you are proposing is incorrect. If Samba is the WINS server, "wins support" should be set to "yes" and "wins server" should be empty. They are mutually exclusive. If samba is not the primary WINS server, "wins support" should be set to no and "wins server" should be pointed to the WINS server. This is all done through the webconfig. No need to edit anything.

    Also I believe the registry hacks are needed for any version of Windows >= 7.
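
Added example (not part of the thread, and not ClearOS or Samba project code): the rule stated in the reply above, that "wins support" and "wins server" are mutually exclusive, written as a check over the [global] section of an smb.conf. The sample configurations, function names and role labels are constructed for illustration.

```python
import re

# Constructed sample configurations; none of them is the thread's real smb.conf.
SAMPLE_PDC = """\
[global]
   workgroup = GSCOMPUTING
   netbios name = GSCServer
   domain logons = Yes
   wins support = Yes
   wins server =
"""

SAMPLE_CONFLICT = """\
[global]
   workgroup = GSCOMPUTING
   ; both set at once: the combination the reply calls incorrect
   wins support = yes
   wins server = 192.168.17.1
"""

SAMPLE_CLIENT = """\
[global]
   workgroup = GSCOMPUTING
   WINS  Support = no
   wins server = 192.168.17.1

[homes]
   wins support = yes
"""

# Spellings treated as boolean "true" for smb.conf values.
TRUE_VALUES = {"yes", "true", "1", "on"}


def parse_global(conf_text):
    """Return {parameter: value} for the [global] section only.

    Parameter names are lower-cased and stripped of whitespace, because
    smb.conf ignores case and spaces inside parameter names.
    """
    params = {}
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def wins_role(conf_text):
    """Classify the WINS configuration of one smb.conf.

    "wins-server": Samba answers WINS itself (wins support on, wins server empty)
    "wins-client": Samba registers with another WINS server
    "conflict":    both are set, which the two settings do not allow
    "no-wins":     neither is set
    """
    params = parse_global(conf_text)
    support = params.get("winssupport", "no").lower() in TRUE_VALUES
    server = params.get("winsserver", "")
    if support and server:
        return "conflict"
    if support:
        return "wins-server"
    if server:
        return "wins-client"
    return "no-wins"


if __name__ == "__main__":
    for label, text in (("pdc", SAMPLE_PDC),
                        ("conflict", SAMPLE_CONFLICT),
                        ("client", SAMPLE_CLIENT)):
        print(label, "->", wins_role(text))
```
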
  • Accepted Answer

    Sunday, February 18 2018, 01:55 AM - #Permalink
    Resolved
    0 votes
    Nick
    As usual thanks for your help. I am on ClearOS 7.4 so it may be what I am seeing in the dashboard is slightly different to you?

    The following are the settings in Windows Networking (Samba):

    Server Name: GSCServer
    Server Comment GSComputing
    Home Directories: Enabled
    Windows 10 Domain Logons: Enabled
    Wins Support: Enabled
    Wins Server: blank (greyed out).

    In the mode section I have:
    Mode: Primary Domain Controller / PDC

    Basically I am testing joining Windows machines to the COS server. Since posting the first question I tried various things and no matter what, I get errors with the Windows 10 v1709 box. Initially I was getting the "I can't find your domain controller" type messages (the laptop I am trying to join to the ClearOS domain is running a clean install of Windows 10 1709 Pro 64 bit and is fully patched). Because I saw the "Windows 10 Domain Logons Enabled" I assumed I didn't need the registry hack and as per your comment I clearly do.

    I have since applied the two registry entries and tried again and things looked a bit better but it still gave various errors. I then read somewhere else on here that Wins should be enabled and when I did an IPConfig /ALL on the Windows 10 box I could see that the IPV4 configuration of the wired network (which is how I am connected to the ClearOS server) was showing no entry in the Primary Wins server section. So I went into the IPV4 settings of the Lan connection on the Windows box, into TCP V4 properties >> Advanced >> Wins and added the IP of the ClearOS server to the Wins section. I am using DHCP on the ClearOS box but for some reason it's not passing the WINS server IP to the client PCs.

    When I then tried to connect I got a lot further. I got to the bit in the network wizard where it asks you what kind of account you would like your domain account to be on the local Windows 10 box and I selected "Administrator". When I clicked "Next" or "Finish" or whatever the button was, it came up with a warning saying that there was no trust relationship between this PC and the Domain Controller. I selected "Cancel" at that point but I could see that the computer details had changed and I was now in the GSComputing domain??

    So I closed the dialog and it asked to reboot and when I got to the login I could see I was logging in as the domain user and it worked OK.

    I would really like it if someone at ClearOS could define all the correct settings for a ClearOS box where you want the ClearOS box to be the PDC as far as the file sharing is concerned and being able to add Windows computers to it. I did try the full Samba Client the first attempt at installing and it screwed everything up so I wiped the install and started again only using Flexshares with Windows Networking.

    Basically I am making the ClearOS box the equivalent of MS Small Business Server and I am very close to it but there seems to still be some issues getting Windows machines to join to it in a seamless fashion.

    On my box now I have a Windows 7 and a Windows 10 box joined with access to IMAP email, I have (with your help) got a Let's Encrypt certificate working so that accessing the box from a browser does not throw up certificate errors. I have a website running on it using WordPress although I am having trouble importing an existing WordPress site into it as the import routine can't find the content folders as ClearOS seems to locate them in a different location to what the importer expects?

    I have VPN working using PPTP and file shares working using flexshares and samba.

    So all in all pretty good if I can just crack backups using USB drives it will be almost a direct replacement!

    Siv
  • Accepted Answer

    Sunday, February 18 2018, 09:47 AM - #Permalink
    Resolved
    0 votes
    I am also on 7.4. Your WINS settings are correct and in something like 12 minutes your workstation should find your WINS server. You can also set up the DHCP server to hand out the WINS (ClearOS LAN) IP address and I suggest you do this as it may make this quicker.

    In the Mode section you also have to set the Windows Domain name. This is the workgroup in simple filesharing, or the Domain name when it is a PDC.

    Please can I refer you to the documentation here, and can I draw particular attention to the Time and Date section.
  • Accepted Answer

    Sunday, February 18 2018, 12:26 PM - #Permalink
    Resolved
    0 votes
    Nick,

    Thanks for the link, I will pore over that. The issue I am having is that now that I have got the Windows 10 machines joined to the COS domain I am getting a weird error when I try and assign the users on these machines to a Microsoft Account. You need this for the Windows apps on the start menu to update properly and also for OneDrive connections and Cortana to work. When I try and set up Cortana it asks you for a MS account so you put in the email and password used by my MS account and after a short delay an error comes up:

    0x801901f4 User profile cannot be loaded.

    This is quite serious because all the Start Menu apps like Pictures, Groove Music, and Edge disappear from both parts of the start menu.

    I like the idea of joining the machines to the domain as before I was joined to the domain I was getting issues where when going into Network through File Explorer I could not get the Server to appear even entering \\GSCServer or \\192.168.17.1 it would just come back with an "Unspecified error".

    I tried adding the server's short name to the hosts file on each machine on the network so that the machines could resolve GSCServer to 192.168.17.1 also I set remote.gscomputing.co.uk to 192.168.17.1 as well as I was concerned that when the mail clients were accessing the mail server it was generating a load of external internet traffic. I am wondering now if I should remove that as it may be the COS server's DNS is able to resolve those addresses for the clients?? Also I am wondering if this is somehow affecting the MS Account and profile issues??

    Any comments on this would be grateful. I may end up going back to simple file sharing and dump the idea of the server being a PDC and just take all my machines out of the domain and change their workgroup name to be the name of the samba server. Again your comments on this Nick would be appreciated.

    Siv
  • Accepted Answer

    Sunday, February 18 2018, 04:23 PM - #Permalink
    Resolved
    0 votes
    I don't know the domain set up but I believe you *must* get DNS working correctly before you can proceed. Editing the hosts file on the client does not get DNS working. Editing it on the server (use Webconfig > Network > Infrastructure DNS Server) is OK.

    What is the output of "ipconfig /all" on a workstation?

    Have you worked your way through the document I linked to, checking each bit is working?
  • Accepted Answer

    Sunday, February 18 2018, 05:39 PM - #Permalink
    Resolved
    0 votes
    Nick,
    This is the output from my laptop:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : SivsProBook
    Primary Dns Suffix . . . . . . . : GSCOMPUTING
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : GSCOMPUTING
    gscomputing.lan

    Wireless LAN adapter WiFi:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Ralink RT3290 802.11bgn Wi-Fi Adapter
    Physical Address. . . . . . . . . : 9C-2A-70-16-EF-6B
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Local Area Connection* 1:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
    Physical Address. . . . . . . . . : 9C-2A-70-16-EF-6D
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix . : gscomputing.lan
    Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
    Physical Address. . . . . . . . . : B4-B5-2F-83-F9-9C
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 192.168.17.232(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : 17 February 2018 23:55:28
    Lease Expires . . . . . . . . . . : 19 February 2018 17:32:57
    Default Gateway . . . . . . . . . : 192.168.17.10
    DHCP Server . . . . . . . . . . . : 192.168.17.1
    DNS Servers . . . . . . . . . . . : 192.168.17.1
    Primary WINS Server . . . . . . . : 192.168.17.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Bluetooth Network Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
    Physical Address. . . . . . . . . : 9C-2A-70-16-EF-6C
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:2c1e:22e2:3f57:ee17(Preferred)
    Link-local IPv6 Address . . . . . : fe80::2c1e:22e2:3f57:ee17%12(Preferred)
    Default Gateway . . . . . . . . . : ::
    DHCPv6 IAID . . . . . . . . . . . : 301989888
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-19-BC-9F-B4-B5-2F-83-F9-9C
    NetBIOS over Tcpip. . . . . . . . : Disabled
  • Accepted Answer

    Sunday, February 18 2018, 05:59 PM - #Permalink
    Resolved
    0 votes
    Nick,
    Regarding the documents and connecting to domain, I went through those carefully. The only bit I am not sure about is the user certificates. I have the server covered by a Let's Encrypt certificate so felt that I didn't need to do anything with user certificates?

    Everything else seems to be as per that document unless I am misunderstanding it.

    Siv
  • Accepted Answer

    Sunday, February 18 2018, 06:13 PM - #Permalink
    Resolved
    0 votes
    The output looks much prettier/more legible between code tags.

    So it looks like it is pulling a bunch of settings correctly from ClearOS - DNS Server, DHCP, WINS Server etc. It looks like you have a different gateway other than ClearOS but that is fine.

    Have you undone your change to the laptop hosts file?

    What is the contents of the ClearOS /etc/hosts file?

    .... and I don't see the point about certificates either. It probably means initialise the server certificate which will create its own CA, sys-0-cert.pem and key file (and prep it for OpenVPN etc). Let's Encrypt is (initially) only for the Webserver and Webconfig, though it can be extended to other functions.
  • Accepted Answer

    Sunday, February 18 2018, 07:36 PM - #Permalink
    Resolved
    0 votes
    Nick,

    Apologies, didn't know about the code tags. Will do that in future.

    The Gateway is my router. The physical configuration I have is as follows:

    The ClearOS Server has a single wired network connection that is connected to one of the 4 ports on the router. The Server is in Standalone mode with no firewall as it's behind the NAT firewall built into my router. I have just the necessary ports open, 21 for FTP, 587 for secure SMTP, 80 for http for accessing the website, 81 for login remotely, 443 for https, 993 for secure IMAP, 1723 for pptp VPN, and I have a custom port for SSH open though I am tempted to turn that off it just makes it easy for me to access that setup from my other work setup which is on a different IP Address and broadband connection. I have installed all the intrusion protection plugins so I am hopeful that the lack of a firewall on the server will not be an issue.

    Client PCs connect either via Wireless or in the case of my laptop I have it connected via another wired connection to the router.

    This is the contents of /etc/hosts:

    cat hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.17.1 remote.gscomputing.co.uk gscserver


    Siv
  • Accepted Answer

    Sunday, February 18 2018, 08:23 PM - #Permalink
    Resolved
    0 votes
    Can you ping "gscserver", "gscserver." "gscserver.GSCOMPUTING" and "gscserver.gscomputing.lan" and see if you get a response? Note the second is the same as the first with a dot on the end.
  • Accepted Answer

    Sunday, February 18 2018, 08:44 PM - #Permalink
    Resolved
    0 votes
    Nick,
    These are the results:

    Microsoft Windows [Version 10.0.16299.248]
    (c) 2017 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>ping gscserver

    Pinging gscserver.gscomputing.lan [192.168.17.1] with 32 bytes of data:
    Reply from 192.168.17.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.17.1: bytes=32 time=1ms TTL=64
    Reply from 192.168.17.1: bytes=32 time=1ms TTL=64
    Reply from 192.168.17.1: bytes=32 time=1ms TTL=64

    Ping statistics for 192.168.17.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

    C:\Windows\system32>ping gscserver.

    Pinging gscserver [192.168.17.1] with 32 bytes of data:
    Reply from 192.168.17.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.17.1: bytes=32 time=1ms TTL=64
    Reply from 192.168.17.1: bytes=32 time=1ms TTL=64
    Reply from 192.168.17.1: bytes=32 time=1ms TTL=64

    Ping statistics for 192.168.17.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

    C:\Windows\system32>ping gscserver.gscomputing
    Ping request could not find host gscserver.gscomputing. Please check the name and try again.

    C:\Windows\system32>ping gscserver.GSCOMPUTING
    Ping request could not find host gscserver.GSCOMPUTING. Please check the name and try again.

    C:\Windows\system32>ping gscserver.GSCOMPUTING.lan

    Pinging gscserver.GSCOMPUTING.lan [192.168.17.1] with 32 bytes of data:
    Reply from 192.168.17.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.17.1: bytes=32 time=1ms TTL=64
    Reply from 192.168.17.1: bytes=32 time=1ms TTL=64
    Reply from 192.168.17.1: bytes=32 time=1ms TTL=64

    Ping statistics for 192.168.17.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

    C:\Windows\system32>
  • Accepted Answer

    Sunday, February 18 2018, 09:49 PM - #Permalink
    Resolved
    0 votes
    It is looking like name resolution is working reasonably, but I don't know if the third one should work or not. It is listed as one of your search domains. I don't know if it indicates WINS resolution not working.

    Have you tried googling your error? Among other things it turns up this.
  • Accepted Answer

    Sunday, February 18 2018, 10:27 PM - #Permalink
    Resolved
    0 votes
    Nick,

    Thanks for checking the output. I think name resolution is OK. The key issue I think is something to do with there not being a trust relationship between the machine and the server when you try to add the Windows 10 box. I don't know what constitutes that whether you have to have Active Directory installed on the COS server for this to work. I am not a big fan of AD as for the small business clients I have dealt with over the years, AD is more of a hindrance than a help so I have left it well alone. I know it can be very powerful and useful in large organisations where you want to make all 1,000 PCs install a particular piece of software or have specifically mapped drives or whatever, but for the little guys I deal with it's never been that much use to me and occasionally has caused lots of issues.

    That said it's always been there even if I wasn't using it much and it does make me wonder if you need it to be set up on the COS server to make joining computers and users work better?

    I had assumed that if you used Flexshare and you adopted Windows Networking as the option and particularly if you selected the PDC option, it would include all the glue that would allow you to join users and Windows PCs to the COS box so didn't need AD adding?

    I did look at that article you linked to and did try the techniques but it has made no difference. I still have no UWP apps on my Windows 10 Start menu. For me personally that would not be an issue as I rarely use any of the UWP apps as they are mostly crap anyway. I always use Firefox as my main browser and pretty much everything else is a Win32 app. However for other users this will be a huge issue. It has now done it on both Windows 10 machines I have added to my test server.

    I do wonder if some of the Patch Tuesday updates from MS are the problem as one of the fixes this month is to protect against a really nasty piece of malware that can infect your PC when Outlook loads an email into your inbox. Apparently you don't even have to view it, just Outlook loading it in your inbox list is enough! Cripes!

    I read what this update did and it did mention something about changes to SMB which clearly might impact the SAMBA workings on ClearOS??

    Maybe the ClearOS dev's are aware of it and providing some sort of workaround if that is what's causing the issues with domain join?

    Siv
  • Accepted Answer

    Sunday, February 18 2018, 10:41 PM - #Permalink
    Resolved
    0 votes
    You do not need AD (which is only a connector) and it would require a full re-installation of ClearOS. Unfortunately I do not know how to join a PC to a Domain or what commands are available to troubleshoot it. If everything is working OK I believe it is a pretty straightforward procedure used by many with ClearOS.

    Perhaps someone else can step in with ideas?
  • Accepted Answer

    Sunday, February 18 2018, 11:10 PM - #Permalink
    Resolved
    0 votes
    Nick,

    No worries, I am beginning to think doing it the way you do it with just simple file sharing is the way to go. I am just used to always having the server as a PDC and it's more familiar to me but I am quite happy to use the simple file sharing that you use.

    I am assuming the way you do it is Select the Flexshare plugin and use LDAP as your directory and then add Windows Networking. When you have that set the mode to simple file sharing.

    On the client PCs do you make the WORKGROUP name match the email domain name you are using, so in my case, the real external domain is gscomputing.co.uk so I would name the server as follows:

    Hostname: GSCServer.lan
    Internet Hostname: remote.gscomputing.co.uk
    Default Domain: gscomputing.co.uk

    In the Server >> File >>Windows Networking (Samba) Settings I would have:

    Server Name: GSCServer

    In Mode:
    Mode: Simple Server
    Windows Domain: GSCOMPUTING

    So in the Windows boxes I would change their Workgroup to be "GSCOMPUTING".

    Or do you do this completely differently?

    Siv

    So I would change the Workgroup on the Windows PCs be GSCOMPUTING
  • Accepted Answer

    Monday, February 19 2018, 08:28 AM - #Permalink
    Resolved
    0 votes
    The Workgroup (Windows Domain) does not have to match any of the other settings in the server and has nothing to do with e-mail addresses, but the PC's should match it. I use HOME.

    FWIW, Samba is still configured as a PDC in Simple Mode.
  • Accepted Answer

    Monday, February 19 2018, 09:11 AM - #Permalink
    Resolved
    0 votes
    Nick,

    When you say the PCs should match "it", what do you mean?

    I get that the settings on the client email programs must match the settings you have configured for email.

    Also do you have to add each LAN PC to the DNS settings (my feeling is not, but I am interested to know how you do it), I assume after setting the local name and IP of the server and the remote name of the server so that client PCs don't try connecting to the server via the internet IP rather than the internal IP. I for instance have my server set to remote.gscomputing.co.uk and before I added that name and the internal IP to the DNS settings, I am pretty sure the email on the client PCs was generating a lot of external traffic. After setting that to the internal IP address then things quietened down. I assume if you have say network printers that are connected using fixed IPs, that would be a candidate for adding to the DNS on the server?

    Siv
  • Accepted Answer

    Monday, February 19 2018, 02:41 PM - #Permalink
    Resolved
    0 votes
    The PC's need to have the same Workgroup setting as ClearOS.

    It is up to you about what you do with LAN PC's. If you have a WORKING WINS server you should be able to use their NetBIOS names from other PC's, but probably not from ClearOS itself.

    If you have common services internally and externally (mail, web server etc) then it makes sense to add their FQDN's to the DNS for internal use. Then, on a laptop or phone, for example, you don't need to change the settings for them to browse your server or access their e-mails. When you say the traffic goes onto the internet, I think it only goes as far as the WAN interface which then loops it back in, but I think loopback can play havoc with port forwarding rules. I would (and do) avoid it by having any CNAME or A records externally in my hosts file to resolve internally.
  • Accepted Answer

    Monday, February 19 2018, 10:42 PM - #Permalink
    Resolved
    0 votes
    Nick,

    Thanks for the clarification. I did think the Workgroup would have to match what I had on the server as the "Windows domain" name in the Windows Networking section.
    Since I have taken the Windows boxes out of the domain and just put them back into the GSComputing WORKGROUP I am getting no issues with Windows User Profiles and the Microsoft Account but I would be interested to know what it was that was causing the trust issues and why they would cause the user profile issues I am seeing.

    As always thanks for steering me in the right direction your help is much appreciated.

    Siv