Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Installation and Upgrades / Invalid username or password.
« on: February 01, 2013, 08:48:41 pm »
I had my zent 3 box working just fine (yay!) joined a windows 8 vm to the domain, it worked, all shinny and pretty.
I then proceeded to install other services into the box (zarafa, jabber, etc..) and then I got a windows 7 VM up and tried to join the domain, says my username or password are invalid/wrong ....
I removed the win8vm from the domain, tried to join again, same error...
has anybody ran into these issues? theres no error messages on zentyal.log
samba.log is full off these errors
and when I put in my login and password to join the vm to the domain these pop up a couple times.
slowly getting there
I then proceeded to install other services into the box (zarafa, jabber, etc..) and then I got a windows 7 VM up and tried to join the domain, says my username or password are invalid/wrong ....
I removed the win8vm from the domain, tried to join again, same error...
has anybody ran into these issues? theres no error messages on zentyal.log
samba.log is full off these errors
Code: [Select]
[2013/01/31 17:35:24, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:24, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:24, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:24, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
and when I put in my login and password to join the vm to the domain these pop up a couple times.
Code: [Select]
[2013/01/31 17:35:29, 2] ../source4/rpc_server/drsuapi/getncchanges.c:1395(getncchanges_collect_objects)
../source4/rpc_server/drsuapi/getncchanges.c:1395: getncchanges on DC=ForestDnsZones,DC=myrealm,DC=lan using filter (uSNChanged>=3983)
[2013/01/31 17:35:29, 3] ../source4/rpc_server/drsuapi/getncchanges.c:1915(dcesrv_drsuapi_DsGetNCChanges)
UpdateRefs on getncchanges for 6b169f37-13ba-44b0-8b9c-0ae850b00c76
[2013/01/31 17:35:29, 2] ../source4/rpc_server/drsuapi/getncchanges.c:2007(dcesrv_drsuapi_DsGetNCChanges)
DsGetNCChanges with uSNChanged >= 3983 flags 0x00000074 on <GUID=ccc85a1f-7b46-40da-bab1-2aab2fe4a47d>;DC=ForestDnsZones,DC=myrealm,DC=lan gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-2342228453-1215186423-3515574736-1107))
[2013/01/31 17:35:29, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:29, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:29, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:29, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:29, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:32, 2] ../source4/rpc_server/drsuapi/getncchanges.c:1395(getncchanges_collect_objects)
../source4/rpc_server/drsuapi/getncchanges.c:1395: getncchanges on DC=DomainDnsZones,DC=myrealm,DC=lan using filter (uSNChanged>=4004)
[2013/01/31 17:35:32, 3] ../source4/rpc_server/drsuapi/getncchanges.c:1915(dcesrv_drsuapi_DsGetNCChanges)
UpdateRefs on getncchanges for 6b169f37-13ba-44b0-8b9c-0ae850b00c76
[2013/01/31 17:35:32, 2] ../source4/rpc_server/drsuapi/getncchanges.c:2007(dcesrv_drsuapi_DsGetNCChanges)
DsGetNCChanges with uSNChanged >= 4004 flags 0x00000074 on <GUID=23d45899-6c0e-40e7-895e-0016c2ae8867>;DC=DomainDnsZones,DC=myrealm,DC=lan gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-2342228453-1215186423-3515574736-1107))
[2013/01/31 17:35:35, 2] ../source4/rpc_server/drsuapi/getncchanges.c:1395(getncchanges_collect_objects)
../source4/rpc_server/drsuapi/getncchanges.c:1395: getncchanges on DC=myrealm,DC=lan using filter (uSNChanged>=4006)
[2013/01/31 17:35:35, 3] ../source4/rpc_server/drsuapi/getncchanges.c:1915(dcesrv_drsuapi_DsGetNCChanges)
UpdateRefs on getncchanges for 6b169f37-13ba-44b0-8b9c-0ae850b00c76
[2013/01/31 17:35:35, 2] ../source4/rpc_server/drsuapi/getncchanges.c:2007(dcesrv_drsuapi_DsGetNCChanges)
DsGetNCChanges with uSNChanged >= 4006 flags 0x00000074 on <GUID=bc1d303f-6955-4095-93c5-f1b516c3b3a1>;<SID=S-1-5-21-2342228453-1215186423-3515574736>;DC=myrealm,DC=lan gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-2342228453-1215186423-3515574736-1107))
[2013/01/31 17:35:36, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_TIMEOUT'
[2013/01/31 17:35:36, 3] ../source4/smbd/process_single.c:104(single_terminate)
single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_TIMEOUT]
[2013/01/31 17:35:38, 2] ../source4/rpc_server/drsuapi/getncchanges.c:1395(getncchanges_collect_objects)
../source4/rpc_server/drsuapi/getncchanges.c:1395: getncchanges on CN=Schema,CN=Configuration,DC=myrealm,DC=lan using filter (uSNChanged>=3689)
[2013/01/31 17:35:38, 3] ../source4/rpc_server/drsuapi/getncchanges.c:1915(dcesrv_drsuapi_DsGetNCChanges)
UpdateRefs on getncchanges for 6b169f37-13ba-44b0-8b9c-0ae850b00c76
[2013/01/31 17:35:38, 2] ../source4/rpc_server/drsuapi/getncchanges.c:2007(dcesrv_drsuapi_DsGetNCChanges)
DsGetNCChanges with uSNChanged >= 3689 flags 0x00000074 on <GUID=61a74f83-8fda-4d60-973f-96b507e8836a>;CN=Schema,CN=Configuration,DC=myrealm,DC=lan gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-2342228453-1215186423-3515574736-1107))
[2013/01/31 17:35:39, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:39, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:39, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:39, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:39, 3] ../source4/libcli/resolve/dns_ex.c:489(pipe_handler)
dns child failed to find name '6b169f37-13ba-44b0-8b9c-0ae850b00c76._msdcs.myrealm.lan' of type A
[2013/01/31 17:35:41, 2] ../source4/rpc_server/drsuapi/getncchanges.c:1395(getncchanges_collect_objects)
../source4/rpc_server/drsuapi/getncchanges.c:1395: getncchanges on CN=Configuration,DC=myrealm,DC=lan using filter (uSNChanged>=3999)
[2013/01/31 17:35:41, 3] ../source4/rpc_server/drsuapi/getncchanges.c:1915(dcesrv_drsuapi_DsGetNCChanges)
UpdateRefs on getncchanges for 6b169f37-13ba-44b0-8b9c-0ae850b00c76
[2013/01/31 17:35:41, 2] ../source4/rpc_server/drsuapi/getncchanges.c:2007(dcesrv_drsuapi_DsGetNCChanges)
DsGetNCChanges with uSNChanged >= 3999 flags 0x00000074 on <GUID=1a344a5f-3f18-4e46-87bf-4203c357a087>;CN=Configuration,DC=myrealm,DC=lan gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-2342228453-1215186423-3515574736-1107))
[2013/01/31 17:35:41.827249, 2] ../source3/smbd/server.c:436(remove_child_pid)
Could not find child 12941 -- ignoring
slowly getting there
2
Installation and Upgrades / Re: Unable to reach any KDC
« on: January 31, 2013, 04:53:35 pm »
A service restart solved the issue, just like windows 
3
Installation and Upgrades / Re: Unable to reach any KDC
« on: January 31, 2013, 02:07:57 pm »
The error message repeats itself around every 10 minutes. I supose it happens when gateway-01 tries to sync with servidor-001
4
Installation and Upgrades / Re: Unable to reach any KDC
« on: January 31, 2013, 01:44:17 pm »
Removed the solved tag, cause while I can reach the KDC now it is not syncing anything after the initial sync and I found new errors in the log that might be related to it,... or not...
servidor-001 is the main server
gateway-01 is the secondary server
this log is from gateway-01 /var/log/zentyal/zentyal.log
Code: [Select]
2013/01/31 10:38:34 INFO> Samba.pm:788 EBox::Samba::importSysvolFromDC - Syncing sysvol from 'servidor-001.myrealm.lan'
2013/01/31 10:38:34 ERROR> Sudo.pm:234 EBox::Sudo::_rootError - root command set -e
kinit --keytab=/var/lib/samba/private/secrets.keytab GATEWAY-01$
mount.cifs //servidor-001.myrealm.lan/sysvol /tmp/sysvolxi_Q -o sec=krb5i,ro
mount --make-unbindable /tmp/sysvolxi_Q
rsync -av --delete --exclude 'DO_NOT_REMOVE_NtFrs_PreInstall_Directory' /tmp/sysvolxi_Q/ /var/lib/samba/sysvol/ failed.
Error output: kinit: krb5_get_init_creds: Client (GATEWAY-01$@MYREALM.LAN) unknown
Command output: .
Exit value: 1
2013/01/31 10:38:34 ERROR> Samba.pm:811 EBox::Samba::__ANON__ - Could not sync sysvol from servidor-001.escriba.com.br: root command set -e
kinit --keytab=/var/lib/samba/private/secrets.keytab GATEWAY-01$
mount.cifs //servidor-001.myrealm.lan/sysvol /tmp/sysvolxi_Q -o sec=krb5i,ro
mount --make-unbindable /tmp/sysvolxi_Q
rsync -av --delete --exclude 'DO_NOT_REMOVE_NtFrs_PreInstall_Directory' /tmp/sysvolxi_Q/ /var/lib/samba/sysvol/ failed.
Error output: kinit: krb5_get_init_creds: Client (GATEWAY-01$@MYREALM.LAN) unknown
Command output: .
Exit value: 1
2013/01/31 10:38:34 ERROR> Sudo.pm:234 EBox::Sudo::_rootError - root command umount '/tmp/sysvolxi_Q' failed.
Error output: umount: /tmp/sysvolxi_Q: not mounted
Command output: .
Exit value: 1
2013/01/31 10:38:34 INFO> Samba.pm:728 EBox::Samba::resetSysvolACL - Reseting sysvol ACLs to defaultsservidor-001 is the main server
gateway-01 is the secondary server
this log is from gateway-01 /var/log/zentyal/zentyal.log
5
Installation and Upgrades / Re: Zentyal module APIs
« on: January 31, 2013, 12:47:37 pm »
Good question, it was asked before, no answer, bought the zent book, no there either. :/
6
Installation and Upgrades / [SOLVED] Unable to reach any KDC
« on: January 31, 2013, 12:41:15 pm »
Worked just fine now, my secondary box can connect to the main one without a single hitch.
Any devs that could comment on why do we need to enter those duplicate entries?
Any devs that could comment on why do we need to enter those duplicate entries?
7
Installation and Upgrades / Re: Unable to reach any KDC
« on: January 31, 2013, 12:00:53 pm »
Thanks dejanfc, I'll try that. It just boggles my mind why this wouldn't be setup to work by default @_@ 
8
Installation and Upgrades / Re: Unable to reach any KDC
« on: January 30, 2013, 04:59:40 pm »
So on both servers I created a service called Kerberos Ticket, assigned port 88 tcp/udp to it, and on firewall -> packet filtering -> Internal networks to zentyal, I made a new rule allowing any to this new service, nmap from one server to another still shows the port as closed :/
iptables -L -n shows: (relavant part)
nmap from main server to secondary server
from secondary to main
iptables -L -n shows: (relavant part)
Code: [Select]
Chain iglobal (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:88 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:88 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:69 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6895 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:88 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:88 state NEWnmap from main server to secondary server
Code: [Select]
Not shown: 987 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
88/tcp closed kerberos-sec
135/tcp closed msrpc
139/tcp closed netbios-ssn
389/tcp closed ldap
443/tcp open https
445/tcp closed microsoft-ds
464/tcp closed kpasswd5
636/tcp closed ldapssl
1024/tcp closed kdm
3268/tcp closed globalcatLDAP
3269/tcp closed globalcatLDAPsslfrom secondary to main
Code: [Select]
Not shown: 987 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
88/tcp closed kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
443/tcp open https
445/tcp open microsoft-ds
464/tcp closed kpasswd5
636/tcp open ldapssl
1024/tcp open kdm
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
9
Installation and Upgrades / Re: Unable to reach any KDC
« on: January 30, 2013, 04:48:26 pm »
You are right, the port is closed, but why does zentyal define the kerberos service on ports 8880 and 8464 by default on the firewall?
10
Installation and Upgrades / Re: Unable to reach any KDC
« on: January 30, 2013, 03:03:24 pm »
Yup. main server has ntp running and secondary server has it set to sync with main one.
I also checked manually on the terminal.
I also checked manually on the terminal.
11
Installation and Upgrades / Re: Unable to reach any KDC
« on: January 30, 2013, 02:50:58 pm »
A more complete log entry
Code: [Select]
2013/01/30 11:47:08 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: samba
2013/01/30 11:47:08 INFO> Samba.pm:958 EBox::Samba::__ANON__ - Joining to domain 'myrealm.lan' as DC
2013/01/30 11:47:08 INFO> Samba.pm:974 EBox::Samba::__ANON__ - Trying to contact 'servidor-001.myrealm.lan'
2013/01/30 11:47:08 INFO> Samba.pm:986 EBox::Samba::__ANON__ - Trying to get a kerberos ticket for principal 'my.adminuser@MYREALM.LAN'
2013/01/30 11:47:08 ERROR> Sudo.pm:234 EBox::Sudo::_rootError - root command kinit -e arcfour-hmac-md5 --password-file='/var/lib/zentyal/tmp/VihChz' my.adminuser@MYREALM.LAN failed.
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm MYREALM.LAN
Command output: .
Exit value: 1
2013/01/30 11:47:08 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2013/01/30 11:47:10 ERROR> GlobalImpl.pm:643 EBox::GlobalImpl::__ANON__ - Failed to save changes in module samba: root command kinit -e arcfour-hmac-md5 --password-file='/var/lib/zentyal/tmp/VihChz' my.adminuser@MYREALM.LAN failed.
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm MYREALM.LAN
Command output: .
Exit value: 1
2013/01/30 11:47:10 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2013/01/30 11:47:11 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: logs
2013/01/30 11:47:12 ERROR> GlobalImpl.pm:700 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: samba
12
Installation and Upgrades / [SOLVED] Unable to reach any KDC
« on: January 30, 2013, 02:44:31 pm »
I downloaded the latest zent iso from the website 3.0-1 and proceeded to do a clean install of everything to see if I finally can get this working for once.
I followed step by step the instructions on http://trac.zentyal.org/wiki/Documentation/Community/Development/singlez on a brand new VM and set up my main server.
Joined a windows 8 computer to the domain to test and it worked just fine.
Then I followed the steps on http://trac.zentyal.org/wiki/Documentation/Community/Development/multiplez and set up my second box, and when I get to the point I enabled my file sharing module I get an error message "The following modules failed while saving their changes, their state is unknown: samba" so I go check the last couple lines on /var/log/zentyal/zentyal.log and see this:
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm MYREALM.LAN
I've followed the instructions to the letter, so DNS is set up properly, both are on the same domain, different hostnames, can ping each other by their hostnames just fine.
I am really at a loss about what to do to get this working. If even following the devs directions I cant get it to work what should I do?
I followed step by step the instructions on http://trac.zentyal.org/wiki/Documentation/Community/Development/singlez on a brand new VM and set up my main server.
Joined a windows 8 computer to the domain to test and it worked just fine.
Then I followed the steps on http://trac.zentyal.org/wiki/Documentation/Community/Development/multiplez and set up my second box, and when I get to the point I enabled my file sharing module I get an error message "The following modules failed while saving their changes, their state is unknown: samba" so I go check the last couple lines on /var/log/zentyal/zentyal.log and see this:
Error output: kinit: krb5_get_init_creds: unable to reach any KDC in realm MYREALM.LAN
I've followed the instructions to the letter, so DNS is set up properly, both are on the same domain, different hostnames, can ping each other by their hostnames just fine.
I am really at a loss about what to do to get this working. If even following the devs directions I cant get it to work what should I do?
13
Installation and Upgrades / Re: Users synchronization password error.
« on: January 28, 2013, 04:43:50 pm »
I still have 2.2 running on another server just fine.
I installed a clean 3.0 on a new VM, setup all the stuff I needed.
On my second box, my firewall, I installed the basic stuff + proxy and users n groups, set up the sync and it worked just fine.
I had to move these VMs to a different subnet so I updated the IPs on the boxes and proceeded to set up the sync again, removed it, and when I try to set it up again I get that error.
After fidling with it for a good while I gave up and am now in the process of doing a clean install.
I installed a clean 3.0 on a new VM, setup all the stuff I needed.
On my second box, my firewall, I installed the basic stuff + proxy and users n groups, set up the sync and it worked just fine.
I had to move these VMs to a different subnet so I updated the IPs on the boxes and proceeded to set up the sync again, removed it, and when I try to set it up again I get that error.
After fidling with it for a good while I gave up and am now in the process of doing a clean install.
14
Installation and Upgrades / Re: Users synchronization password error.
« on: January 25, 2013, 09:06:08 pm »
gave up, tried to add secondary box as secondary DC following documentation from http://trac.zentyal.org/wiki/Documentation/Community/Development/multiplez#no1
didnt work, wouldnt recognize the administrator's password.
sigh.. I guess I'll just go for a full reinstall and hope for better luck.
didnt work, wouldnt recognize the administrator's password.
sigh.. I guess I'll just go for a full reinstall and hope for better luck.
15
Installation and Upgrades / Re: Users synchronization password error.
« on: January 25, 2013, 12:29:36 pm »
Either my problem is way too dumb and nobody is telling me or nobody ran into this issue
I could just take another day and reinstall the main server, but that isnt a real good option, I'd rather not have to go that route every time I run into an issue in Zentyal :/
I could just take another day and reinstall the main server, but that isnt a real good option, I'd rather not have to go that route every time I run into an issue in Zentyal :/