Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - dzidek23

Pages: [1]
1
Other modules / DNS not recognizing static name allocation
« on: February 28, 2023, 03:31:19 pm »
So I have two machines I'd like to have static IP issued by the server.

Some time ago I created "Objects ❱ Static_Workstation" which included Laptop1, IP, MAC. This was working fine, my domain joined laptop (Laptop1) does get static IP and I can ping it via name on the network.

In the last few days I've added another device (same thing Laptop2, IP, MAC). The device does get the allocated IP but DNS doesn't seem to recognize the name. If I ping Laptop2 all I'm getting is "Ping request could not find host Laptop2. Please check the name and try again."; ping with IP works just fine.

What could I be doing wrong? I've restarted server (probably number of times already) DNS and DHCP; Laptop was restarted many times too.

Typing this, I realized that the only difference between Laptop1 and Laptop2 was that the latter was pre-created in the AD. I created an object called Laptop2 in where I want it to exist. I then joined the laptop and it worked (apart the DNS allocation).

Any suggestions would be greatly received,


2
Directory and Authentication / PAM User to sudoers
« on: January 17, 2023, 12:00:41 pm »
I understand that it is possible (and easy) to allow AD users to login to the server via ssh; PAM settings under "Users and Computers" -> LDAP Settings.

However this allows all users to have a system account.

Could anyone suggest how can I enable shell for one or some of the AD users?

Also I'm trying to figure out how to add an AD user to system sudoers?
I tried

Code: [Select]
sudo usermod -aG sudo username
adding

Code: [Select]
username      ALL=(ALL:ALL) ALL
and/or
domain\username       ALL=(ALL:ALL) ALL
to the /etc/sudoers

Neither allows me to escalate privilages and I get "Domain\Username is not in the sudoers file.  This incident will be reported."

3
Other modules / smbd_audit fails
« on: December 15, 2022, 03:14:25 pm »
I created an AD user for and network enabled scanner to use (scan_user) and there is a network share with Read/Write permissions for that user (networkscan)

If I run journalctl -xe I get this:

Code: [Select]
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|security.NTACL
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|security.NTACL
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|user.DOSATTRIB
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|get_dos_attributes|fail (No data available)|/home/samba/shares/networkscan
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|get_shadow_copy_data|fail (Function not implemented)|
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|fsctl|fail (Function not implemented)|

It does NOT affect operation and users can scan to the share but why am I getting the smbd_audit fails?

4
Directory and Authentication / Radius Authentication Issues
« on: December 15, 2022, 02:48:44 pm »
In my system I use Cisco Catalyst 802.1x for wireless authentication. AP -> Switch -> Zentyal (Radius) -> yes/no
Windows, Android etc, all are working well and users can access network without problems.

However, a HP plotter has some limited settings and trips RADUIS authentication.

With WPA-Enterprise LEAP I get
Code: [Select]
Auth: (1600) Login incorrect (eap_leap: No Cleartext-Password or NT-Password configured for this user): [hp_user]

with WPA-Enterprise PEAP:
Code: [Select]
(1812) Login incorrect (eap_peap: TLS Alert write:fatal:protocol version): [hp_user] (from client x.x.x.x/32 port 60000 cli 40-A8-F0-88-xx-xx)
Thu Dec 15 12:49:06 2022 : ERROR: (1815) eap_peap: ERROR: TLS Alert write:fatal:protocol version

My guess would be ERROR: TLS Alert write:fatal:protocol version TLS version.

Can someone tell me how do I force RADIUS to log used protocol&version or how to enable all TLS so I can at least pin point which version to use?

5
Hi,

I installed Zentyal few times now, I've successfully managed to keep one installation as a small domain server. I'm really pleased with Zentyal and would like to congratulate people behind the project.

However, I don't get why you stick with Ubuntu.. Zentyal on top of Ubuntu is easy but it causes confusion.
As seen many times on this forum, people get confused when they can't find netplan.io and configuration they found on the Internet doesn't work.

Have you considered moving to Debian and maybe replacing mysql with mariadb in next Zentyal release?
 ;)

Cheers,


PS. found this https://forum.zentyal.org/index.php?action=post;quote=29147;topic=1296.0;last_msg=29147 ... promises promises  ;D

6
Hi everyone,

so I had (needed) to install another Zentyal 7 from scratch. Started with installing Ubuntu 20.04 Server and then followed the .sh script from zentyal.com.

All was well to where the script attempts to install suricata repo. This has already been reported number of times, where the repo can't be added by the script due to incorrect/lack of signature.

My question here is, could we change the script to include suricata PPA installation as per:
https://suricata.readthedocs.io/en/latest/install.html#ubuntu

After the cli installation finished I wen't to the admin page and continued with the configuration.

Installer hang on 53% with "saving network module" but because I've seen it previously I just let it run (long enough to finish a cup of tea). Then pointed the browser to the new IP and I was "again" welcomed with Configuration Wizard. I skipped it completely and when the website reloaded all was working fine.

This is a VM hosted on proxmox so the IP change during installation isn't much of a problem, plus I already knew this will happen.
I've managed to connect this server as an additional domain controller. All went smooth, with AD syncing without any problems.

Second question in this place relates to DNS... I see no DNS sync between dc01 and the new machine. Does this mean I have to manually copy DNS entries if I want some resilience or is there a way to make it automatic?

Cheerio!

7
Installation and Upgrades / Ubuntu 20.04 to 22.04.1 in-place upgrade
« on: October 11, 2022, 04:15:38 pm »
Just a quick question if anyone tried upgrading Zentyal 7.0.5 on Ubuntu 20.04 to 22.04.1 LTS with do-release-upgrade yet?


8
Other modules / Multigateway rules vs console IP route
« on: May 24, 2022, 03:49:18 pm »
Please can someone explain how the Webadmin network configuration controls the systems network?
Where is the web-based configuration for network and gateways stored?

If I have two gateways installed, making either of them default does NOT change the ip r on the console?

9
Other modules / Network configuration / Network Objects
« on: May 24, 2022, 03:12:13 pm »
Hi everyone,

I'm still having a difficulty setting up the network rules correctly. My setup looks like this:

Code: [Select]
10.0.1.0/24     (OLD domain)            -
10.0.2.0/24                             -  via eth0 - Zentyal DC - eth1 192.168.1.1/24 (external network) via gateway to the Internet
10.10.0.0/24    network backbone        -

The DC itself is happy and knows where things are, I can ping and access both sides.
If I have a device in the domain, it seams to be working fine, I can reach out to the Internet and go to other network.

However, devices from the old domain and network backbone can't reach the Internet. They get DNS responce from the DC but bounce of the firewall or the response is TTL exceded on the eth1.

I created objects for the "old domain" and the backbone, added their relevant IP. I have multigateway rules for interfaces (eth0, eth1) source and destination but still devices from the 10.10.0.0 can't reach the Internet.


Can someone explain how do I allow traffic from network that is NOT directly connected to Zenytal (reaching the eth0 via network switch) to connect to the internet (on eth1).

10
Zentyal 7, using RSAT to create some new GPOs.

I was able to create some GPOs few weeks ago. Today I'm presented with "There is not enough space on the disk". I can delete old GPOs, but not make a new ones.

/var/lib/samba/sysvol/domain.local/ has over 30% disk free (10GB)

Any ideas how to resolve this?

Edit:
I managed to find that it's not the lack of space but permission of my user. If I use the Administrator (main domain user) GPOs can be created, if I use my user (who is a member of Domain Admins) I get "not enough space".

Cheerio!

11
I'm really interested with the state of Zentyal development. We see little to no activity in this forum, no moderation and some SPAM sneaking in.
[EDIT] SPAM just got cleared - so there is some moderation [/EDIT]

The Zentyal Github hasn't been updated for over 11 months. Issues are not even acknowledged with last Admin note from Jan this year.

What is going on, is Zentyal dying!?

I've been testing Zenytal for couple months now (with the idea that once proved suitable I'll make my bosses to pay for the commercial version). If there's no sign of life in the project, is it worth even looking at it?

Zentyal is an ideal solution, easy to install and configure, Debian based, with clear and simple menu. No other competitor suit me like Zentyal, but I'm concerned about the longevity of the project.
Will we see any updates, is there future in Zentyal?


12
Hi Zentyal users,

I'd like to know if anyone tried to use (bring back) some of the retired Zentyal functionality?
I'm interested with modules like HA, printers (possibly NUT-server and asterisk).

Before I waste any time trying to make sense of those modules I'd appreciate your comments and experience.

@Zentyal - why oh why did you kill the HA module. It is something that's really vital in now days network.
I'd like to setup a resilient network with AD for accounts, RADIUS for wifi authentication, secondary DC for fallback. Without HA it isn't feasible as DHCP can only be hosted on one machine. Surely, working HA would be a great sales pitch for Zentyal Commercial.

13
Other modules / IPtables inospoof fnospoof
« on: March 16, 2022, 05:24:32 pm »
Hi,

Does anyone know what are:
Chain inospoof
and
Chain fnospoof

They are seriously messing up my connections to other devices on the network. All packets are dropped although there are accept rules on UI firewall.

14
Other modules / [SOLVED] How to steer traffic to a specific gateway?
« on: March 15, 2022, 02:41:38 pm »
In my scenario, Zentyal 7.0.4 has two gateways.

eth0 VLAN10 10.0.0.1/24 connected to my L3 switch (IP addressing and DHCP from Zentyal)
eth1 VLAN11 192.168.0.1/24 connected to interent gateway/firewall (firewall is the DHCP server)

eth0 - (not default, weight 1)
eth1 - (default, weight 10)

My L3 switch has number of other VLANs eg.

VLAN3 10.0.1.1/24 another domain (not connected to Zentyal)

Now, If I try to ping 10.0.1.1, Zentyal sends all traffic to eth1 - with "no route to host"
The L3 switch would send the packet to the right place and it also knows how to forward traffic back VLAN11.

Can anyone tell me how to setup traffic forwarding so that certain IP's are pushed to eth0 and not the default. This is something I can't figure out and documentation doesn't cover this.

15
Hi,

I was testing Zential domain module, adding users and joining machines. All went smoothly until I wanted to remove a computer from the domain.
The "bin" icon was disabled an I couldn't find a way to kick out this computer. I even went to external applications "admin-tools" from here (hxxps://appimage.github.io/admin-tools/) but that was no help. It looked as if I didn't have the rights to do that change.
Any ideas how to disjoin a machine in this situation?

Cheers
dzidek23

Pages: [1]