Manage Samba4 AD Domain Controller DNS and Group Policy from Windows – Part 4

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Matei Cezar

I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

12 Responses

  1. Rifqi says:

    Access was denied. Would you like to add it anyway ? When i tried add dns from rsat. How to repair these permission ??

  2. nehru says:

    Hi,

    We have a problem Ubuntu machine successfully installed the Domain controller in Ubuntu but will looks like came into the terminal like $.

    If any commands are typed it will getting a error.issue # is not in the sudoers file. this incident will be reported “please help me

    • Matei Cezar says:

      You must manually add the user to sudoers file or via usermoad -aG command in order to gain root privileges. Also, home directory must me setup in smb.conf file with template homedir directive.

    • Nuno Mourinho says:

      If you run a command like sudo command, and you are not in the sudoers file, then you have the message # is not in the sudoers file. this incident will be reported. This is a normal situation

      The $ indicates a different shell. If is possible that you have created a user with the useradd command instead of the adduser command. These two commands are different, since one creates the home directory, and the other does not create it.

      Try to run /bin/bash to get the right shell. And recreate the user if needed (use the root login)

  3. Sayantan says:

    Hi,

    Is it possible to set a wallpaper for all users (Windows and Linux) from Samba DC?

    • Matei Cezar says:

      Samba AD DC domain policy can be applied only for Windows hosts. Domain policies don’t apply in Linux. Yes, you can apply a wallpaper for all Windows users on Windows machines, but not on Linux integrated machines.

      • Nuno Mourinho says:

        Yes, its true. They only can be applied to windows hosts.
        I did not had read linux on the question :) (Just skipped that…)

    • Nuno Mourinho says:

      Everything that you do with a normal GPO is possible to do in Samba DC.
      In this case, you need to perform the actions

      1) Copy the wallpaper to windows dir

      2) Change a registry key
      REG ADD “HKCU\Control Panel\Desktop” /v Wallpaper /f /t REG_SZ /d “%windir%\wallpaper\wallpaper.bmp”

      3) Update user parameters
      RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters

      So my advice is to create a user Logoff GPO

      Regards,
      Nuno Mourinho

  4. Nuno Mourinho says:

    I have tested this setup, review all steps several times. All shown here works. It is possible to create a DNS A record, a reverse DNS record manually.

    What does not work is automatic DDNS or dynamic dns updates.

    If I run ipconfig /registerdns on the computer on AD, it shout automatically create the DNS record. That does not happen.

    If I check the event log it gives a security issue that prevents the DNS A record from host computer being created automatically.

    Is there any other configuration needed for automatic dns updates?

    Kind Regards,
    Nuno Mourinho

    • Manuel Borges says:

      Hello Nuno,

      did you manage to sort this “problem”?

      If so how?

      • Nuno Mourinho says:

        Yes Manuel Borges, I have solved the problem.

        Put allow dns updates in global, like this this:

        [global]
        allow dns updates = nonsecure
        

        This way the automatic updates work. Don’t ask me why….

  5. Fede says:

    Fantastic articles!
    Eagerly awaiting part 5.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.