How do I manage the domain group policies? When I create a domain I can connect my computer to it. I then log in to the computer using the winadmin built-in account (the one I used to join the computer to the domain) and when open the group policy manager it tells me that I need to log in as a domain user. Which..... I just did so I'm not sure how to do it again. Just for kicks I created a new user on the domain. I gave them domain admin permissions (added them to domain_admins group). I was able to log in to the computer with the new domain account (leading me to believe I was logged in as a domain user, correct) and when I go to manage the group policies, I get, again, "To manage Group Policy, you must log on to the computer with a domain user account" which is confusing since I logged in using my domain account and domain credentials.
When I try to open "Active Directory Users and Computers" to manage the domain, I get a message that "the specified domain either does not exist or could not be contacted" which, considering I literally just authenticated against that domain, I find hard to believe. So my question I guess is, what is broken in ClearOS's implementation of SAMBA and domains?
This is in the community edition, but using the supposedly verified repos because it's a new install. So this is the "stable" configuration.
When I try to open "Active Directory Users and Computers" to manage the domain, I get a message that "the specified domain either does not exist or could not be contacted" which, considering I literally just authenticated against that domain, I find hard to believe. So my question I guess is, what is broken in ClearOS's implementation of SAMBA and domains?
This is in the community edition, but using the supposedly verified repos because it's a new install. So this is the "stable" configuration.
Share this post:
Accepted Answer
It was the idea to have GPO support much earlier and there used to be a Samba Directory (beta) app for this. Unfortunately there were too many issues with it and it was not going to sit happily with other functions of ClearOS. One of the problems is that if you use Samba as a Directory Server, it will not use Unix file permissions, but needs Windows ACL's. This conflicts with the way things like flexshares have been set up. There were many other issues as well.
The proposed way forward is through the link I gave. This will run a separate Samba Directory instance inside a docker container and ClearOS will continue to run its own instance of Samba with its Unix file shares. The AD Connector will then be used to connect between ClearOS and the Docker/Samba instance. Until I did the investigation for the link I gave, I'd never seen RSAT, but I have now used it to set up users and groups. I only have a mini test environment so have not tried things like Group Policies. I am not really an IT person until recently with ClearOS so I've never had to use them. I am pretty certain GPO's will work with Samba/Docker.
The proposed way forward is through the link I gave. This will run a separate Samba Directory instance inside a docker container and ClearOS will continue to run its own instance of Samba with its Unix file shares. The AD Connector will then be used to connect between ClearOS and the Docker/Samba instance. Until I did the investigation for the link I gave, I'd never seen RSAT, but I have now used it to set up users and groups. I only have a mini test environment so have not tried things like Group Policies. I am not really an IT person until recently with ClearOS so I've never had to use them. I am pretty certain GPO's will work with Samba/Docker.
Responses (2)
-
Accepted Answer
Hi. Thank you for deleting the other post, I was getting frustrated because I didn't know why it disappeared and didn't realize it was awaiting moderation.
Ok, I was working off of old info from 2010-2012 where it was mentioned that ClearOS 7 would have support for GPO and etc. Thank you for the information. -
Accepted Answer
Your first couple of posts get moderated so don't appear immediately. I am deleting your other thread.
ClearOS uses an old-style NT4 domain rather than an Active Directory domain. You need an AD Domain for RSAT support.
You can use ClearOS as a full AD Domain Controller following the howto here, but it is a little experimental and we only bottomed the one issue we knew about in the last couple of weeks. It is planned to had AD domains available in ClearOS 8.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »