Messages - dzidek23

1
Directory and Authentication / Re: PAM User to sudoers
« on: January 18, 2023, 05:50:52 pm »
So I found a way to allow a user to use sudo.

Edit the /etc/sudoers and add:

Code:
domain\\username   ALL=(ALL:ALL) ALL

note "\\" between domain and the username

user must also be in the sudo group

Quote
sudo usermod -aG sudo username

That still leaves me with allowing only some users access to PAM.

2
Directory and Authentication / PAM User to sudoers
« on: January 17, 2023, 12:00:41 pm »
I understand that it is possible (and easy) to allow AD users to login to the server via ssh; PAM settings under "Users and Computers" -> LDAP Settings.

However this allows all users to have a system account.

Could anyone suggest how can I enable shell for one or some of the AD users?

Also I'm trying to figure out how to add an AD user to system sudoers?
I tried

Code:
sudo usermod -aG sudo username
adding

Code:
username      ALL=(ALL:ALL) ALL
and/or
domain\username       ALL=(ALL:ALL) ALL
to the /etc/sudoers

Neither allows me to escalate privileges and I get "Domain\Username is not in the sudoers file.  This incident will be reported."
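An added example, not part of the original posts: a small Python check for the difference between the domain\username entry that failed in this post and the domain\\username form reported as working in the follow-up above. sudoers treats a backslash as an escape character, so a backslash inside a user name has to be written twice. The function name lint_user_fields and the sample file are constructed for illustration, and the check does not look at group membership or at the bare username entry.

```python
import re

# Constructed sample: the two entries the post reports as failing, plus the
# escaped form from the follow-up. "domain" and "username" are placeholders.
SAMPLE_SUDOERS = r"""
# local policy
Defaults    env_reset
%sudo   ALL=(ALL:ALL) ALL
username      ALL=(ALL:ALL) ALL
domain\username       ALL=(ALL:ALL) ALL
domain\\username   ALL=(ALL:ALL) ALL
"""

# Lines that are not user specifications; this check skips them.
_SKIP = re.compile(r"^(Defaults\b|(User|Runas|Host|Cmnd)_Alias\b|@include)")
# A single backslash that is not one half of an escaped "\\" pair.
_LONE_BACKSLASH = re.compile(r"(?<!\\)\\(?!\\)")


def lint_user_fields(text):
    """Return one finding per user field that holds an unescaped backslash."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Comments (and #include directives) start with "#".
        if not line or line.startswith("#") or _SKIP.match(line):
            continue
        user_field = line.split(None, 1)[0]
        if _LONE_BACKSLASH.search(user_field):
            findings.append({
                "line": lineno,
                "user_field": user_field,
                # Double the lone backslash so the name keeps its separator.
                "suggested": _LONE_BACKSLASH.sub(r"\\\\", user_field),
            })
    return findings


if __name__ == "__main__":
    for finding in lint_user_fields(SAMPLE_SUDOERS):
        print(finding)
```

After any edit, visudo -c checks the file's syntax before sudo has to parse it.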

3
This is a very old post!

my suggestion to the LAB software would be to check DNS settings for the client machine. I would expect your computer does not know where your .com domain is.

You can add it manually to C:\Windows\System32\drivers\etc\hosts and later replace by your network DNS configuration

Also, using the Administrator account for AD queries isn't the best idea.

4
Directory and Authentication / Re: Unauthenticated LDAP Bind
« on: January 17, 2023, 11:41:24 am »
Hi,

not sure what to suggest, maybe apart from configuring firewall.

You could also raise an issue on https://github.com/zentyal/zentyal/issues if you can provide more details, this might be looked at by the developers.

5
Installation and Upgrades / Re: Odd issue from updating 6.2 to 7
« on: December 16, 2022, 03:01:24 pm »
Quote
i installed it with no webGUI
hmm, doesn't this answer your question?

I think you've decided not to install Window Manager in which case you will only be able to access the server via SSH/noVNC command line or webadmin (https://ip:8443).

You won't get graphical user login without Window manager installed.

6
Other modules / smbd_audit fails
« on: December 15, 2022, 03:14:25 pm »
I created an AD user for a network-enabled scanner to use (scan_user) and there is a network share with Read/Write permissions for that user (networkscan)

If I run journalctl -xe I get this:

Code:
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|security.NTACL
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|security.NTACL
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|user.DOSATTRIB
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|get_dos_attributes|fail (No data available)|/home/samba/shares/networkscan
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|get_shadow_copy_data|fail (Function not implemented)|
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|fsctl|fail (Function not implemented)|

It does NOT affect operation and users can scan to the share but why am I getting the smbd_audit fails?
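An added example, not part of the original post: a Python triage of smbd_audit lines in the format shown above (user|client|operation|result|arguments), separating failures whose error text means "not present" or "not implemented" from failures that are refusals. The function name triage, the grouping and the final sample line are constructed for illustration.

```python
import re
from collections import Counter

# The first six lines are the journalctl output from the post; the last line is
# constructed to show a failure that is a refusal rather than an absence.
SAMPLE_LOG = r"""
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|security.NTACL
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|security.NTACL
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|user.DOSATTRIB
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|get_dos_attributes|fail (No data available)|/home/samba/shares/networkscan
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|get_shadow_copy_data|fail (Function not implemented)|
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|fsctl|fail (Function not implemented)|
Dec 15 14:00:11 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|open|fail (Permission denied)|/home/samba/shares/other
"""

LINE = re.compile(r"smbd_audit\[\d+\]: (?P<body>.*)$")
FAIL = re.compile(r"^fail \((?P<err>.*)\)$")

# strerror() texts that report something missing or unsupported, as opposed to
# an operation that was attempted and refused.
ABSENT_OR_UNSUPPORTED = {
    "No data available": "ENODATA: the requested attribute is not set",
    "Function not implemented": "ENOSYS: the operation is not implemented",
}


def triage(log_text):
    """Return (Counter of quiet failures by (op, error), list of others)."""
    quiet, review = Counter(), []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        fields = m.group("body").split("|")
        if len(fields) < 4:
            continue
        user, client, op, result = fields[:4]
        failed = FAIL.match(result)
        if not failed:
            continue  # successful operations are not of interest here
        err = failed.group("err")
        if err in ABSENT_OR_UNSUPPORTED:
            quiet[(op, err)] += 1
        else:
            review.append({"user": user, "client": client, "op": op,
                           "error": err, "args": [a for a in fields[4:] if a]})
    return quiet, review
```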

7
Directory and Authentication / Radius Authentication Issues
« on: December 15, 2022, 02:48:44 pm »
In my system I use Cisco Catalyst 802.1x for wireless authentication. AP -> Switch -> Zentyal (Radius) -> yes/no
Windows, Android etc, all are working well and users can access network without problems.

However, an HP plotter has some limited settings and trips RADIUS authentication.

With WPA-Enterprise LEAP I get
Code:
Auth: (1600) Login incorrect (eap_leap: No Cleartext-Password or NT-Password configured for this user): [hp_user]

with WPA-Enterprise PEAP:
Code:
(1812) Login incorrect (eap_peap: TLS Alert write:fatal:protocol version): [hp_user] (from client x.x.x.x/32 port 60000 cli 40-A8-F0-88-xx-xx)
Thu Dec 15 12:49:06 2022 : ERROR: (1815) eap_peap: ERROR: TLS Alert write:fatal:protocol version

My guess would be ERROR: TLS Alert write:fatal:protocol version TLS version.

Can someone tell me how do I force RADIUS to log used protocol&version or how to enable all TLS so I can at least pin point which version to use?

8
Installation and Upgrades / Re: Odd issue from updating 6.2 to 7
« on: December 14, 2022, 04:56:22 pm »
proxmox with noVNC

It happens sometimes that my setup goes to tty1 (for whatever reason)

expand the noVNC side menu, toggle ALT and press F7 on your keyboard. Does work for me..

like here:
https://imgur.com/a/v29gyOe

9
Quote

Also, keep in mind that Zentyal only displays in the GUI the DNS records created by hand in the GUI itself, the rest of the records must be queried using the CLI.

* https://wiki.samba.org/index.php/DNS_Administration#Listing_zone_records

good point, all is working but the lack of sync between GUI's is confusing :)

10
Installation and Upgrades / Re: Odd issue from updating 6.2 to 7
« on: December 08, 2022, 03:45:24 pm »
now that's a better screen :)

you can clearly see that you are on the command-line console (tty1 to tty6), tty7 is what you need.

You don't explain what hypervisor you are using so try to figure yourself how to change console. Use this as a hint https://askubuntu.com/questions/1138357/how-to-enable-switch-back-to-running-gui-from-tty-in-18-04.

Alt+F7 or Ctrl+Alt+F7 does normally work.

11
Installation and Upgrades / Re: Odd issue from updating 6.2 to 7
« on: December 06, 2022, 12:08:31 pm »
Hi killmasta93,

your screenshot is showing only disk scan. Am I right in thinking you don't get to the graphical login page?

If you are stuck on the cli login try Alt+F7 and that should take you to graphical console.

12
Hi,

I installed Zentyal few times now, I've successfully managed to keep one installation as a small domain server. I'm really pleased with Zentyal and would like to congratulate people behind the project.

However, I don't get why you stick with Ubuntu.. Zentyal on top of Ubuntu is easy but it causes confusion.
As seen many times on this forum, people get confused when they can't find netplan.io and configuration they found on the Internet doesn't work.

Have you considered moving to Debian and maybe replacing mysql with mariadb in next Zentyal release?
 ;)

Cheers,


PS. found this https://forum.zentyal.org/index.php?action=post;quote=29147;topic=1296.0;last_msg=29147 ... promises promises  ;D

13
Hi everyone,

so I had (needed) to install another Zentyal 7 from scratch. Started with installing Ubuntu 20.04 Server and then followed the .sh script from zentyal.com.

All was well up to where the script attempts to install the suricata repo. This has already been reported a number of times, where the repo can't be added by the script due to incorrect/lack of signature.

My question here is, could we change the script to include suricata PPA installation as per:
https://suricata.readthedocs.io/en/latest/install.html#ubuntu

After the cli installation finished I went to the admin page and continued with the configuration.

Installer hung on 53% with "saving network module" but because I've seen it previously I just let it run (long enough to finish a cup of tea). Then pointed the browser to the new IP and I was "again" welcomed with Configuration Wizard. I skipped it completely and when the website reloaded all was working fine.

This is a VM hosted on proxmox so the IP change during installation isn't much of a problem, plus I already knew this will happen.
I've managed to connect this server as an additional domain controller. All went smooth, with AD syncing without any problems.

Second question in this place relates to DNS... I see no DNS sync between dc01 and the new machine. Does this mean I have to manually copy DNS entries if I want some resilience or is there a way to make it automatic?

Cheerio!

14
zs webadmin restart

update if you have any outdated modules and it should go away

15
Hi,

you are trying to install an additional machine on a network. The error clearly stated that the DNS entry for pdc.peta.lan does not exist. So you have to either change your network config and point DNS to your DC or use an IP rather than an internal domain name.
