Web lists-archives.com

Re: [Samba] RSAT Hang




Hi Gregory, 

On the questions.
> Is there a good reason to avoid Samba internal DNS?
No, imo not, but i only use bind9_dlz because i need bind in my lan for other setups also.

I just used my RSAT on my win7 64b, but at my point it works fine. 

I do have questions to get a better impression of the setup. 
Whats the os your using with RSAT and did u use DOM\Administrator or an other account? 
Check if Adminsitrator has id 0. (root)

Is there anything showing up in the windows event logs? 

Are the SePrivileges checked if the needed groups/users exists? 
I use this script to check this, it shows the seprivileges. 
https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-SePrivileges.sh 

Which shows on my DC's. 
SeMachineAccountPrivilege:
  NTDOM\Domain Admins
SeTakeOwnershipPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeBackupPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Backup Operators
  BUILTIN\Administrators
  BUILTIN\Server Operators
SeRestorePrivilege:
  NTDOM\Domain Admins
  BUILTIN\Backup Operators
  BUILTIN\Administrators
  BUILTIN\Server Operators
SeRemoteShutdownPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
  BUILTIN\Server Operators
SePrintOperatorPrivilege:
  NTDOM\Domain Admins
SeAddUsersPrivilege:
  NTDOM\Domain Admins
SeDiskOperatorPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeSecurityPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeSystemtimePrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
  BUILTIN\Server Operators
SeShutdownPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Print Operators
  BUILTIN\Backup Operators
  BUILTIN\Administrators
  BUILTIN\Server Operators
SeDebugPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeSystemEnvironmentPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeSystemProfilePrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeProfileSingleProcessPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeIncreaseBasePriorityPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeLoadDriverPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Print Operators
  BUILTIN\Administrators
SeCreatePagefilePrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeIncreaseQuotaPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeChangeNotifyPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
  BUILTIN\Pre-Windows 2000 Compatible Access
SeUndockPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeManageVolumePrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeImpersonatePrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeCreateGlobalPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators
SeEnableDelegationPrivilege:
  NTDOM\Domain Admins
  BUILTIN\Administrators

Have you setup samba with a higher debug level also, that might show whats missing/going wrong. 

A few things to check, this is ofent a right whats missing somewhere.


Greetz, 

Louis

 



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Gregory Sloop via samba
> Verzonden: maandag 21 mei 2018 19:07
> Aan: Gregory Sloop via samba
> Onderwerp: Re: [Samba] RSAT Hang
> 
> Should add...
> 
> I'm using the Internal Samba DNS, not BIND_DLZ.
> 
> Related:
> I noticed that Louis and others appear to be using BIND, and 
> get the feeling BIND is preferred...
> Is there a good reason to avoid Samba internal DNS? I, at 
> least in the case I'm testing for, will be using a regular 
> BIND server for everything outside the AD site. [Samba/Active 
> Directory is being setup in a 3rd level domain, which it will 
> have exclusive control over. Like - sambadom.mydomain.com.]
> 
> GSvs> So, I setup Samba on Ubuntu 18.04, using the packaged Samba
> GSvs> version. [Thanks Rowland/Louis et al.]
> 
> GSvs> I'm doing some testing/tinkering using FreeNAS as a share,
> GSvs> using the AD as the authentication back-end.
> GSvs> As part of that process, you need to add a computer 
> account and change some security settings.
> 
> GSvs> I setup RSAT and can see the AD tree, and add users etc.
> GSvs> When I try to switch to advanced view and view the security tab
> GSvs> of a created user or computer account, it hangs and never
> GSvs> returns the details I'm looking for.
> 
> GSvs> -The machine RSAT is on is pointed at the Samba server for DNS,
> GSvs> and it's resolving queries properly.
> 
> GSvs> I can create user/computer accounts fine. It's just when I try
> GSvs> to view the security tab, that things hang.
> GSvs> A quick search doesn't seem to find anything.
> 
> GSvs> Nothing in the logs that seems relevant.
> GSvs> Suggestions? [Just point me in the right general
> GSvs> direction...unless you have something better...]
> 
> GSvs> TIA
> GSvs> -Greg
> 
> -- 
> Gregory Sloop, Principal: Sloop Network & Computer Consulting
> Voice: 503.251.0452 x82
> EMail: gregs@xxxxxxxxx
> http://www.sloop.net
> ---
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba