Topic: Windows 10

[kellerman40]

Hello! Just registered to post my expirience. I'm using Zentyal servers in my server environments.
One case is Zentyal 3.0 server using samba 4.0.14.
By default W10 domain joining works, but GPOs work only for Domain Administrator accounts, for other domain accounts fails with 1058 error code 5 (Access denied)
To get that working, I had to change max protocol to NT1 and things started working....
...until I found out that randomly on bootup and before login GPO failed with 1058 error code 65 (Network access denied)
Have to say it was not that easy to google about that specific error anymore. 
Accessing \\mydomain.lan\sysvol from explorer gave Network access denied error when executed from a non-domain computer.
Sooo I set RequireMutualAuthentication=0,RequireIntegrity=0 to \\mydomain.lan\sysvol and \\mydomain.lan\netlogon with that GPO hardening setting using RSAT for W10
Now I'm able to access sysvol with entering domain credentials. Havent tested it yet on the pc's that had issues, but feeling that this gonna fix the issue.

[stephdl]

I migrated to windows 10.

And I saw the need to create user profiles of the following ways:

username.V5

This is for the roaming profils work well.

Would it be possible to take you directly into account when creating users from the server-manager.

Thank a lot.

FHS

Thanks for your feedback, can you describe precisely all files that you modified and/or actions you did to get roaming profile.
All documentation pointers are welcome.

[sektor]

Are you using Zentyal in conjuction with sme server? If so I'm kind of curious as to your setup.

Hello! Just registered to post my expirience. I'm using Zentyal servers in my server environments.
One case is Zentyal 3.0 server using samba 4.0.14.
By default W10 domain joining works, but GPOs work only for Domain Administrator accounts, for other domain accounts fails with 1058 error code 5 (Access denied)
To get that working, I had to change max protocol to NT1 and things started working....
...until I found out that randomly on bootup and before login GPO failed with 1058 error code 65 (Network access denied)
Have to say it was not that easy to google about that specific error anymore. 
Accessing \\mydomain.lan\sysvol from explorer gave Network access denied error when executed from a non-domain computer.
Sooo I set RequireMutualAuthentication=0,RequireIntegrity=0 to \\mydomain.lan\sysvol and \\mydomain.lan\netlogon with that GPO hardening setting using RSAT for W10
Now I'm able to access sysvol with entering domain credentials. Havent tested it yet on the pc's that had issues, but feeling that this gonna fix the issue.

[kellerman40]

Are you using Zentyal in conjuction with sme server? If so I'm kind of curious as to your setup.

No, I'm not using sme, I just went on googling about this specific problem (error 1058, code 65) which is quite rare and even occurs with windows server systems. And this topic seems to explain things the right way now.
I'm using Zentyal 3.0 running as my

• radius server
• gateway
• transparent squid proxy with cache
• file server, printserver, NTP server and PDC
• webserver

I'm also running Zentyal 4.1 PDC in one other server system and gonna test this fix which probably will be needed.

[guest22]

Thanks for dropping by. Nice!

[jester]

Thanks for your feedback, can you describe precisely all files that you modified and/or actions you did to get roaming profile.
All documentation pointers are welcome.

Some info: samba wiki on roaming profiles

According to the wiki page Samba should create the profile automatically (not tested!) if the user has write access to that dir... which i don't think is the case:

Code: [Select]

# ll /home/e-smith/files/samba/
total 20K
drwxr-xr-x   5 root  root   4.0K Mar 16  2006 .
drwxr-xr-x  11 root  root   4.0K Nov 11  2013 ..
drwxrwsr-x   2 admin admin  4.0K Nov  9  2013 netlogon
drwxrwsr-x   7 admin admin  4.0K Mar 16  2006 printers
drwxr-s--- 136 admin shared 4.0K Sep  1 13:13 profiles

So u guess in /etc/e-smith/events/user-create/S20user-create-profiledir
this line should probably be changed:

Code: [Select]

my @dirs = ("/home/e-smith/files/samba/profiles/$user","/home/e-smith/files/samba/profiles/${user}.V2");

maybe to something like:

Code: [Select]

my @dirs = ("/home/e-smith/files/samba/profiles/$user","/home/e-smith/files/samba/profiles/${user}.V2","/home/e-smith/files/samba/profiles/${user}.V4","/home/e-smith/files/samba/profiles/${user}.V5");