Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
136
Other modules / Re: Error after RNDC Reload
« on: February 03, 2022, 10:46:19 am »
Hi,
According the log file, your Domain Controller module cannot contact with the server that has the FSMO roles (ns1.indomaret.group). You should check that.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
According the log file, your Domain Controller module cannot contact with the server that has the FSMO roles (ns1.indomaret.group). You should check that.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
137
Other modules / Re: Error after RNDC Reload
« on: January 28, 2022, 11:52:55 am »
Hi,
Did you check which errors do you get in the following log files?
* /var/log/zentyal/zentyal.log
* /var/log/syslog
Also, did you check if the internal database of Samba has errors?
Below you have more information about 'dbcheck' subcommand.
* https://wiki.samba.org/index.php/Dbcheck
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
Did you check which errors do you get in the following log files?
* /var/log/zentyal/zentyal.log
* /var/log/syslog
Also, did you check if the internal database of Samba has errors?
Code: [Select]
sudo samba-tool dbcheck --cross-ncs
Below you have more information about 'dbcheck' subcommand.
* https://wiki.samba.org/index.php/Dbcheck
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
138
Installation and Upgrades / Re: Error output: kinit: Password incorrect
« on: January 28, 2022, 11:49:14 am »
Hi,
You could try to rebuild the user, below you have the link to do it, just remember to have a backup of your Zentyal server.
* https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
You could try to rebuild the user, below you have the link to do it, just remember to have a backup of your Zentyal server.
* https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
139
Directory and Authentication / Re: Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1
« on: January 28, 2022, 11:46:11 am »
Hi Alxndr,
The special DNS user is always called 'dns-hostname_of_the_machine'. In your case, it is 'dns-largo' as you can see.
You have 4702 errors from 5041 objects, which are a lot of errors. Probably those errors are cause of your issue during the join. Before run the command (samba-tool dbcheck --cross-ncs --fix --yes) to try to fix them, make sure to have a backup of your Zentyal server. And after the fixes, do several tests to confirm that the domain controller is stable.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
The special DNS user is always called 'dns-hostname_of_the_machine'. In your case, it is 'dns-largo' as you can see.
You have 4702 errors from 5041 objects, which are a lot of errors. Probably those errors are cause of your issue during the join. Before run the command (samba-tool dbcheck --cross-ncs --fix --yes) to try to fix them, make sure to have a backup of your Zentyal server. And after the fixes, do several tests to confirm that the domain controller is stable.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
140
Directory and Authentication / Re: Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1
« on: January 26, 2022, 04:16:23 pm »
Hi,
I recommend you to do the following in order to try to join the Zentyal 7 as ADC of Zentyal 5.0 DC:
1. Check that there is not any record about Zentyal 7.0 after the try in your domain.
2. Check the status of your Zentyal 5.0 server, you should use download the following script and run it in your Zentyal. The most important part in your case is the function called 'dc_check'.
* https://github.com/zentyal/zentyal/blob/master/main/core/src/scripts/smart-admin-report
3. Check that the domain users 'krbtgt' and 'Guest' are located in the original location, which is 'Users' container. Below an example:
NOTE: As you can see, both domain users are located at the container (CN) 'Users'.
I saw a few times errors during the join caused mainly for:
1. Errors in the internal database of SAmba, which you will be able to see them if you run the script from step 2. You can get more information below:
* https://wiki.samba.org/index.php/Dbcheck
2. When the user 'krbtgt' was moved to other location (step 3).
Finally, in case you cannot join the Zentyal 7 as ADC, you could try to do a migration using the feature 'Import and export', in your case, you will need to download the script from the repository.
* https://doc.zentyal.org/en/directory.html#importing-and-exporting-users-and-groups
* (groups-export.pl, groups-import.pl, users-export.pl and users-import.pl) https://github.com/zentyal/zentyal/tree/master/main/samba/src/scripts
Hope it helps you.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
I recommend you to do the following in order to try to join the Zentyal 7 as ADC of Zentyal 5.0 DC:
1. Check that there is not any record about Zentyal 7.0 after the try in your domain.
Code: [Select]
## To see if there was created a DNS user for Zentyal 7
ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName='dns-zen7adc'
2. Check the status of your Zentyal 5.0 server, you should use download the following script and run it in your Zentyal. The most important part in your case is the function called 'dc_check'.
* https://github.com/zentyal/zentyal/blob/master/main/core/src/scripts/smart-admin-report
3. Check that the domain users 'krbtgt' and 'Guest' are located in the original location, which is 'Users' container. Below an example:
Code: [Select]
ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName='krbtgt' dn
dn: CN=krbtgt,CN=Users,DC=zentyal-domain,DC=lan
ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName='Guest' dn
dn: CN=Guest,CN=Users,DC=zentyal-domain,DC=lan
NOTE: As you can see, both domain users are located at the container (CN) 'Users'.
I saw a few times errors during the join caused mainly for:
1. Errors in the internal database of SAmba, which you will be able to see them if you run the script from step 2. You can get more information below:
* https://wiki.samba.org/index.php/Dbcheck
2. When the user 'krbtgt' was moved to other location (step 3).
Finally, in case you cannot join the Zentyal 7 as ADC, you could try to do a migration using the feature 'Import and export', in your case, you will need to download the script from the repository.
* https://doc.zentyal.org/en/directory.html#importing-and-exporting-users-and-groups
* (groups-export.pl, groups-import.pl, users-export.pl and users-import.pl) https://github.com/zentyal/zentyal/tree/master/main/samba/src/scripts
Hope it helps you.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
141
Other modules / Re: Zentyal 7.0 DHCP error
« on: January 18, 2022, 04:41:32 pm »
Hi,
First of all, you need to check the status of the package 'zentyal-dhcp':
Then, I recommend you to check if there is other package that is broken:
In case you have any broken package, you can try to fix them with the following command:
If the issue persists, then, analyze the following log files in order to get any information about the error:
* /var/log/zentyal/zentyal.log
* /var/log/syslog
* /var/log/dpkg.log
* /var/log/apt/
Also, you should check the disk space:
furthermore, you should take a look at apparmor, perhaps it is causing you the issue with this module.
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever"
First of all, you need to check the status of the package 'zentyal-dhcp':
Code: [Select]
sudo dpkg -l zentyal-dhcp
Then, I recommend you to check if there is other package that is broken:
Code: [Select]
sudo dpkg -l | egrep -v '^ii'
In case you have any broken package, you can try to fix them with the following command:
Code: [Select]
sudo dpkg --configure -a
If the issue persists, then, analyze the following log files in order to get any information about the error:
* /var/log/zentyal/zentyal.log
* /var/log/syslog
* /var/log/dpkg.log
* /var/log/apt/
Also, you should check the disk space:
Code: [Select]
df -h
furthermore, you should take a look at apparmor, perhaps it is causing you the issue with this module.
Code: [Select]
sudo systemctl status apparmor
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever"
142
Directory and Authentication / Re: one domain wide GPO to prevent thunderbird updates for all users
« on: January 18, 2022, 04:32:58 pm »
Hi,
The GPO must be created through RSAT tools. So, you need to use a Windows computer logged in the domain with an administrator user to create that policy.
NOTE: Don't forget to add the domain groups in the 'delegation' tab:
* domain users
* domain computers
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever"
The GPO must be created through RSAT tools. So, you need to use a Windows computer logged in the domain with an administrator user to create that policy.
NOTE: Don't forget to add the domain groups in the 'delegation' tab:
* domain users
* domain computers
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever"
143
Installation and Upgrades / Re: How can I remove a PC from zentyal ldap?
« on: January 03, 2022, 11:22:39 am »1. Open the web GUI for your Zentyal server in Firefox (not IE or Edge or Chrome or Opera or any other browser, just Firefox)
2. Browse to Users and Computers > Manage
3. Select the PC in question by clicking on it once with the mouse
4. Click on the trash can icon at the bottom of the users and computers window5. If prompted to make sure - choose OK or Yes or Just Do It
5. Look at the top right corner of the screen, if it says "Save Changes" then click on it and then click on the Save button.
DONE - easy peasy lemon squeezy
Hi All, I know it's been a while since the last post, but I have just tried to delete a PC from Zentyal 7.0.4 following these instructions, but the trash can icon is indeed not available "Greyed Out"
Hi,
That action must be done via CLI or through RSAT. Below you have two methods to remove a domain computer called 'W7CL01' from Zentyal itself via CLI:
Code: [Select]
# Option 1
sudo pdbedit -x -m W7CL01
# Option 2
sudo ldbdel -v -H /var/lib/samba/private/sam.ldb CN=W7CL01,CN=Computers,DC=lab5,DC=lan
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
144
Directory and Authentication / Re: Changing .local to .com Domain
« on: January 03, 2022, 11:17:08 am »
Hi,
The GPOs will be removed as well. So, you will need to make a backup of those GPO.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
The GPOs will be removed as well. So, you will need to make a backup of those GPO.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
145
Installation and Upgrades / Re: odd issue with bind?
« on: January 03, 2022, 11:12:59 am »
Hi,
Did you try to set 'any' to those 'allow-' options temporarily? Just to check if the messages disappear.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
Did you try to set 'any' to those 'allow-' options temporarily? Just to check if the messages disappear.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
146
Email and Groupware / Re: Zentyal 7 and Thunderbird configuration
« on: December 27, 2021, 03:52:52 pm »
Hi,
I did a quick test and I could configure Thunderbird and send emails. Below the configuration that I set:
For incoming:
* Protocol: IMAP
* Server: zentyal.zentyal-domain.lan
* Port: 143 (993 worked too)
* SSL: STARTTLS
* Authentication: Normal Password
* Username: maria@zentyal-domain.lan
For outgoing:
* Protocol: SMTP
* Server: zentyal.zentyal-domain.lan
* Port: 587
* SSL: STARTTLS
* Authentication: Normal Password
* Username: maria@zentyal-domain.lan
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
I did a quick test and I could configure Thunderbird and send emails. Below the configuration that I set:
For incoming:
* Protocol: IMAP
* Server: zentyal.zentyal-domain.lan
* Port: 143 (993 worked too)
* SSL: STARTTLS
* Authentication: Normal Password
* Username: maria@zentyal-domain.lan
For outgoing:
* Protocol: SMTP
* Server: zentyal.zentyal-domain.lan
* Port: 587
* SSL: STARTTLS
* Authentication: Normal Password
* Username: maria@zentyal-domain.lan
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
147
Installation and Upgrades / Re: odd issue with bind?
« on: December 27, 2021, 03:22:32 pm »
Hi,
I think you need to add the parameter 'allow-query-cache' option in the configuration file 'named.conf.options' from Bind9 module and allow your network '192.168.60.0', below you have a link where the option is explained.
* http://www.zytrax.com/books/dns/ch7/queries.html#allow-query-cache
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
I think you need to add the parameter 'allow-query-cache' option in the configuration file 'named.conf.options' from Bind9 module and allow your network '192.168.60.0', below you have a link where the option is explained.
* http://www.zytrax.com/books/dns/ch7/queries.html#allow-query-cache
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
148
Directory and Authentication / Re: Changing .local to .com Domain
« on: December 27, 2021, 03:16:01 pm »
Hi,
If you are using your domain '.local' with the Domain Controller module enabled, no, as soon as you make that change, you will lose all the information (it removes everything and does the provision Domain Controller again).
Also, when you rename the domain name of a Zentyal that is provisioned (using the Domain Controller module), there are issues that ends with a rollback or a fresh installation.
So, if you need to change the domain name, you need to do a fresh installation of Zentyal, and then, import all the users and groups through the feature 'Import/Export'.
* https://doc.zentyal.org/en/directory.html#importing-and-exporting-users-and-groups
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
If you are using your domain '.local' with the Domain Controller module enabled, no, as soon as you make that change, you will lose all the information (it removes everything and does the provision Domain Controller again).
Also, when you rename the domain name of a Zentyal that is provisioned (using the Domain Controller module), there are issues that ends with a rollback or a fresh installation.
So, if you need to change the domain name, you need to do a fresh installation of Zentyal, and then, import all the users and groups through the feature 'Import/Export'.
* https://doc.zentyal.org/en/directory.html#importing-and-exporting-users-and-groups
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
149
Installation and Upgrades / Re: Impact of log4j zero day on Zentyal components
« on: December 17, 2021, 11:46:18 am »
Hi,
Zentyal uses Perl not Java, so, all the components that Zentyal has developed are not affected to the log4j vulnerability.
Aparently, if the package 'apache-log4j2' wasn't installed by any dependency, it is nothing to worry about.
* https://ubuntu.com/security/notices/USN-5192-1
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
Zentyal uses Perl not Java, so, all the components that Zentyal has developed are not affected to the log4j vulnerability.
Aparently, if the package 'apache-log4j2' wasn't installed by any dependency, it is nothing to worry about.
* https://ubuntu.com/security/notices/USN-5192-1
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".
150
Directory and Authentication / Re: Netlogon? Scripts
« on: December 13, 2021, 11:37:27 am »
Hi,
Did you do any troubleshooting actions after you set the permissions? Below you have two common actions to debug issues with GPOs:
1. Generating an html report. The command must be executed in the client that has the issue:
2. Generate a detailed report through 'Group Policy Result' from 'Group Policy Management'. You need to use this option with an administrator user but setting the computer and the username that has issues.
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever"
Did you do any troubleshooting actions after you set the permissions? Below you have two common actions to debug issues with GPOs:
1. Generating an html report. The command must be executed in the client that has the issue:
Code: [Select]
## Detailed output
gpresult /H Desktop\GPO_results.html /F
2. Generate a detailed report through 'Group Policy Result' from 'Group Policy Management'. You need to use this option with an administrator user but setting the computer and the username that has issues.
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever"