This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: 1 [2]
16
Directory and Authentication / GPO script logon not working?
« on: September 30, 2020, 06:45:55 pm »
Hi,
Currently trying to install a startup script though GPO, before trying on zentyal i did with a window server 2012r2 and it worked. So i think it might be a bug on zentyal.
on the GPO i added the startup script to the location of the script. All the users have permission to have access of the folder. I checked on event viewer and got the
1130 Group policy error
https://imgur.com/r2BRPre.png
https://imgur.com/gOc0eAw.png
any ideas?
Thank you
Currently trying to install a startup script though GPO, before trying on zentyal i did with a window server 2012r2 and it worked. So i think it might be a bug on zentyal.
on the GPO i added the startup script to the location of the script. All the users have permission to have access of the folder. I checked on event viewer and got the
1130 Group policy error
https://imgur.com/r2BRPre.png
https://imgur.com/gOc0eAw.png
any ideas?
Thank you
17
Directory and Authentication / A record Issue not replicating?
« on: September 20, 2020, 05:57:17 pm »
Hi
Currently installed a new VM which automatically got the DHCP from zentyal which it automatic create the dynamic DNS record on zentyal.
The issue is that i changed the IP of the VM and needed to add A record and PTR record which i did on the WEBgui.
But i keep seeing the old IP
i checked in nano /var/lib/bind/db.0.168.192
which only shows PTR info
https://imgur.com/0hr8iPa.png
https://imgur.com/2vtmnrG.png
Thank you
Currently installed a new VM which automatically got the DHCP from zentyal which it automatic create the dynamic DNS record on zentyal.
The issue is that i changed the IP of the VM and needed to add A record and PTR record which i did on the WEBgui.
But i keep seeing the old IP
i checked in nano /var/lib/bind/db.0.168.192
which only shows PTR info
https://imgur.com/0hr8iPa.png
https://imgur.com/2vtmnrG.png
Thank you
18
Directory and Authentication / Password expired DNS-user? (solved)
« on: September 20, 2020, 02:49:01 am »
Hi
I needed to create on A record on the web interface and restart the DNS but getting this issue
So my question is on the user DNS-APOLO can i reset the password? or how do i by pass this error without screwing it up?
Thank you
edit: solved by running this
I needed to create on A record on the web interface and restart the DNS but getting this issue
Code: [Select]
Command output: .
Exit value: 1
2020/09/19 20:17:33 ERROR> Service.pm:971 EBox::Module::Service::restartService - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-apolo failed.
2020/09/19 20:17:33 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of DNS from dashboard failed: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-apolo failed.
Error output: Password has expired
dns-apolo@MYDOMAIN.LOCAL's Password:
So my question is on the user DNS-APOLO can i reset the password? or how do i by pass this error without screwing it up?
Thank you
edit: solved by running this
Code: [Select]
sudo samba-tool user setexpiry dns-apolo --noexpiry
19
Directory and Authentication / SPN? (solved)
« on: September 20, 2020, 01:45:33 am »
Hi
I was wondering if someone could shed some light on the issue im having.
Currently trying to create SPN user to my linux MSSQL which i have to do though powershell, So i have a windows server which is connected to the domain of zentyal
But i tried running this powershell command, the zentyal server is 192.168.0.200
but i get an error saying could not establish to server
But whats concerning i would need to run this on the powershell also, so how would i make the windows server to be able to import the active directory services? or maybe this can be done on zentyal?
Thank you
EDIT: first create the MSSQL user by the AD instead though Powershell
then run the commands on powershell with no issue to create the mssql.keytab
I was wondering if someone could shed some light on the issue im having.
Currently trying to create SPN user to my linux MSSQL which i have to do though powershell, So i have a windows server which is connected to the domain of zentyal
But i tried running this powershell command, the zentyal server is 192.168.0.200
Code: [Select]
New-ADUser -Server 192.168.0.200 mssql -AccountPassword (Read-Host -AsSecureStri
ng "Enter Password") -PasswordNeverExpires $true -Enabled $true
but i get an error saying could not establish to server
But whats concerning i would need to run this on the powershell also, so how would i make the windows server to be able to import the active directory services? or maybe this can be done on zentyal?
Code: [Select]
ktpass /princ MSSQLSvc/hercules.mydomain.local:1433@mydomain.local /ptype KRB5_NT_PRINCIPAL /crypto aes256-sha1 /mapuser mydomain\mssql /out mssql.keytab -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ MSSQLSvc/hercules.mydomain.local:1433@mydomain.local /ptype KRB5_NT_PRINCIPAL /crypto rc4-hmac-nt /mapuser mydomain\mssql /in mssql.keytab /out mssql.keytab -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ MSSQLSvc/192.168.3.155:1433@mydomain.local /ptype KRB5_NT_PRINCIPAL /crypto aes256-sha1 /mapuser mydomain\mssql /in mssql.keytab /out mssql.keytab -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ MSSQLSvc/192.168.3.155:1433@mydomain.local /ptype KRB5_NT_PRINCIPAL /crypto rc4-hmac-nt /mapuser mydomain\mssql /in mssql.keytab /out mssql.keytab -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ mssql@mydomain.local /ptype KRB5_NT_PRINCIPAL /crypto aes256-sha1 /mapuser mydomain\mssql /in mssql.keytab /out mssql.keytab -setpass -setupn /kvno 4 /pass mypassword
ktpass /princ mssql@mydomain.local /ptype KRB5_NT_PRINCIPAL /crypto rc4-hmac-nt /mapuser mydomain\mssql /in mssql.keytab /out mssql.keytab -setpass -setupn /kvno 4 /pass mypassword
Thank you
EDIT: first create the MSSQL user by the AD instead though Powershell
then run the commands on powershell with no issue to create the mssql.keytab
20
Installation and Upgrades / email alert?
« on: February 27, 2020, 03:15:10 am »
Hi,
I was wondering if someone else is having this issue before? currently running 6.1 and constantly getting email alert with this
Thank you
I was wondering if someone else is having this issue before? currently running 6.1 and constantly getting email alert with this
Code: [Select]
/etc/cron.hourly/90zentyal-manage-logs:
/etc/cron.hourly/90zentyal-manage-logs: line 3: /usr/share/zentyal/manage-logs: No such file or directory
run-parts: /etc/cron.hourly/90zentyal-manage-logs exited with return code 127
Thank you
21
Directory and Authentication / Issue with Computer Name not changing
« on: January 28, 2020, 03:49:06 am »
Hi,
I was wondering if someone else has had this issue before, Currently changed name of a PC which was illustrator-pc to illustrators-pc adding the s at the end i check on zentyal web and it does not change
adding the screen shots
https://imgur.com/a/bkZRURI
Thank you
I was wondering if someone else has had this issue before, Currently changed name of a PC which was illustrator-pc to illustrators-pc adding the s at the end i check on zentyal web and it does not change
adding the screen shots
https://imgur.com/a/bkZRURI
Thank you
22
Directory and Authentication / issue shares permissions (solved)
« on: January 27, 2020, 04:41:44 am »
Hi,
I was wondering if someone could shed some light on the issue im having.
I have a folder called shares
inside that folder im going to create another folder called Users
So far so good that folder shares and Users can be accessed and modify by the users of the domain.
But inside that folder Users im going to create user1folder and user2folder but i dont want all the users of the domain to have access of those folder
So normally i disable the inheritance and remove the users of the domain and only give test1 to access to user1folder and test2 to user2folder
which means that test2 cannot see user1folder and test1 cannot see user2folder
so this is what i need so not sure if i have to do on samba or on windows?
when i try on windows i get the error when enumerating objects in the container access was denied
This is the smb share conf
https://ibb.co/TtC6BsJ
Thank you
I was wondering if someone could shed some light on the issue im having.
I have a folder called shares
inside that folder im going to create another folder called Users
So far so good that folder shares and Users can be accessed and modify by the users of the domain.
But inside that folder Users im going to create user1folder and user2folder but i dont want all the users of the domain to have access of those folder
So normally i disable the inheritance and remove the users of the domain and only give test1 to access to user1folder and test2 to user2folder
which means that test2 cannot see user1folder and test1 cannot see user2folder
so this is what i need so not sure if i have to do on samba or on windows?
when i try on windows i get the error when enumerating objects in the container access was denied
This is the smb share conf
Code: [Select]
[shares]
path = /data
browseable = yes
force create mode = 0660
force directory mode = 0660
valid users = @"Domain Users"
read list =
write list = @"Domain Users"
admin users =
vfs objects = acl_xattr full_audit recycle shadow_copy2
# full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rename unlink rmdir pwrite pread connect disconnect
full_audit:facility = local5
full_audit:priority = notice
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
shadow: format = _%Y-%m-%d_%H:%M:%S
shadow: snapprefix = ^pyznap
shadow: delimiter = _
shadow:localtime = no
recycle: excludedir = /tmp|/var/tmp
recycle: directory_mode = 0700
recycle: inherit_nt_acl = Yes
recycle: keeptree = Yes
recycle: versions = Yes
recycle: repository = RecycleBin
https://ibb.co/TtC6BsJ
Thank you
23
Directory and Authentication / Samba Issue with shadow copy
« on: January 09, 2020, 04:05:10 am »
HI,
I was wondering if someone else has any experience with this before? Currently Version: 6.1 zentyal and Samba version 4.7.6-Ubuntu
The time in the shadow copy does not show correct on the windows previous versions, as soon as i put shadow:localtime = yes and restart samba does not show previous versions which therefore i have to put shadow:localtime = no
Currently using pyznap for the snapshots of the ZFS file system
see pictures on the times not correct but both windows and zentyal have the correct time just the previous versions are now. The hour difference is about 5 hours behind the last snapshot was 6:10pm on zentyal and on the previous versions on windows show 1:10 pm
Picture
https://ibb.co/PZTgXFB
This is my samba share
Thank you
I was wondering if someone else has any experience with this before? Currently Version: 6.1 zentyal and Samba version 4.7.6-Ubuntu
The time in the shadow copy does not show correct on the windows previous versions, as soon as i put shadow:localtime = yes and restart samba does not show previous versions which therefore i have to put shadow:localtime = no
Currently using pyznap for the snapshots of the ZFS file system
see pictures on the times not correct but both windows and zentyal have the correct time just the previous versions are now. The hour difference is about 5 hours behind the last snapshot was 6:10pm on zentyal and on the previous versions on windows show 1:10 pm
Picture
https://ibb.co/PZTgXFB
This is my samba share
Code: [Select]
[test]
path = /data
browseable = yes
force create mode = 0660
force directory mode = 0660
valid users = @"Domain Users"
read list =
write list = @"Domain Users"
admin users =
vfs objects = acl_xattr full_audit recycle shadow_copy2
# full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rename unlink rmdir pwrite pread connect disconnect
full_audit:facility = local5
full_audit:priority = notice
recycle: inherit_nt_acl = Yes
recycle: versions = Yes
recycle: excludedir = /tmp|/var/tmp
recycle: keeptree = Yes
recycle: repository = RecycleBin
recycle: directory_mode = 0700
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
# Specify snapshot name: frequent, hourly, daily... as desired
shadow: format = _%Y-%m-%d_%H:%M:%S
shadow: snapprefix = ^pyznap
shadow: delimiter = _
shadow:localtime = no
Thank you
24
Directory and Authentication / samba audit?
« on: December 28, 2019, 01:47:35 am »
Hi,
I was wondering if someone else has accomplish to enable the samba audit to log on another file?
This is what i have so far first inside of rsyslog the 50.default.conf
added this at the end
then on the shares.conf this is what i have
then restarted samba and rsyslog but not seeing the logs comming in
Thank you
I was wondering if someone else has accomplish to enable the samba audit to log on another file?
This is what i have so far first inside of rsyslog the 50.default.conf
added this at the end
Code: [Select]
if $programname == 'smbd_audit' then /var/log/audit.log
if $programname == 'smbd_audit' then ~
then on the shares.conf this is what i have
Code: [Select]
# Shares
[shares]
path = /disk2
browseable = yes
force create mode = 0660
force directory mode = 0660
valid users = @"Domain Users"
read list =
write list = @"Domain Users"
admin users =
vfs objects = acl_xattr full_audit recycle
full_audit:prefix = %S|%u|%I|%m
full_audit:success = chdir mkdir open opendir read rename rmdir write link unlink
full_audit:failure = none
full_audit:facility = local7
full_audit:priority = notice
recycle: inherit_nt_acl = Yes
recycle: directory_mode = 0700
recycle: repository = RecycleBin
recycle: keeptree = Yes
recycle: excludedir = /tmp|/var/tmp
recycle: versions = Yes
then restarted samba and rsyslog but not seeing the logs comming in
Thank you
25
Installation and Upgrades / quick question on migrating server 2012r2
« on: December 06, 2019, 01:04:10 am »
Hi,
i was wondering if its possible to migrate users from 2012r2 to zentyal, i saw that the roles can only migrate if one has 2008r2, but not if migrating the users applies to that same concept?
Thank you
i was wondering if its possible to migrate users from 2012r2 to zentyal, i saw that the roles can only migrate if one has 2008r2, but not if migrating the users applies to that same concept?
Thank you
26
Directory and Authentication / questions about DNS?
« on: May 27, 2019, 12:01:32 am »
Hi,
I was wondering if someone could shed some light on the issue im having. Currently wanting to swich from windows to zentyal, as running a test enviroment first i wanted to see how it goes. So far so good only 3 things i didnt understand.
1) as for the DNS i can resolve the name but when i try to resolve by IP it cannot find it, in theory the DHCP should inject it
2) howcome the DHCP works so differnt as to add static has to be out of the DHCP scope, i guess it applies in all linux servers which give out DHCP like pfSense
3) as the network share how can i remove the Drive which auto mount it, or how could i change the home location to save into another drive inside of zentyal?
Thank you
I was wondering if someone could shed some light on the issue im having. Currently wanting to swich from windows to zentyal, as running a test enviroment first i wanted to see how it goes. So far so good only 3 things i didnt understand.
1) as for the DNS i can resolve the name but when i try to resolve by IP it cannot find it, in theory the DHCP should inject it
2) howcome the DHCP works so differnt as to add static has to be out of the DHCP scope, i guess it applies in all linux servers which give out DHCP like pfSense
3) as the network share how can i remove the Drive which auto mount it, or how could i change the home location to save into another drive inside of zentyal?
Thank you
Pages: 1 [2]