This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Directory and Authentication / Re: PAM User to sudoers
« on: January 18, 2023, 05:50:52 pm »
So I found a way to allow user to use sudo..
Edit the /etc/sudoers and add:
Code:
domain\\username ALL=(ALL:ALL) ALL
note "\\" between domain and the username
user must also be in the sudo group
Quote
sudo usermod -aG sudo username
That still leaves me with allowing only some users access to PAM.
2
Directory and Authentication / PAM User to sudoers
« on: January 17, 2023, 12:00:41 pm »
I understand that it is possible (and easy) to allow AD users to login to the server via ssh; PAM settings under "Users and Computers" -> LDAP Settings.
However this allows all users to have a system account.
Could anyone suggest how can I enable shell for one or some of the AD users?
Also I'm trying to figure out how to add an AD user to system sudoers?
I tried
Code:
sudo usermod -aG sudo username
adding
Code:
username ALL=(ALL:ALL) ALL
and/or
domain\username ALL=(ALL:ALL) ALL
to the /etc/sudoers
Neither allows me to escalate privileges and I get "Domain\Username is not in the sudoers file. This incident will be reported."
3
Directory and Authentication / Re: Unable to get a lab software to Zentyal domain
« on: January 17, 2023, 11:50:10 am »
This is a very old post!
my suggestion to the LAB software would be to check DNS settings for the client machine. I would expect your computer does not know where your .com domain is.
You can add it manually to C:\Windows\System32\drivers\etc\hosts and later replace by your network DNS configuration
Also, using the Administrator account for AD queries isn't the best idea.
4
Directory and Authentication / Re: Unauthenticated LDAP Bind
« on: January 17, 2023, 11:41:24 am »
Hi,
not sure what to suggest, maybe apart from configuring firewall.
You could also raise an issue on https://github.com/zentyal/zentyal/issues if you can provide more details, this might be looked at by the developers.
5
Installation and Upgrades / Re: Odd issue from updating 6.2 to 7
« on: December 16, 2022, 03:01:24 pm »
Quote
i installed it with no webGUI
hmm, doesn't this answer your question?
I think you've decided not to install Window Manager in which case you will only be able to access the server via SSH/noVNC command line or webadmin (https://ip:8443).
You won't get graphical user login without Window manager installed.
6
Other modules / smbd_audit fails
« on: December 15, 2022, 03:14:25 pm »
I created an AD user for a network enabled scanner to use (scan_user) and there is a network share with Read/Write permissions for that user (networkscan)
If I run journalctl -xe I get this:
Code:
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|security.NTACL
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|security.NTACL
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|user.DOSATTRIB
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|get_dos_attributes|fail (No data available)|/home/samba/shares/networkscan
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|get_shadow_copy_data|fail (Function not implemented)|
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|fsctl|fail (Function not implemented)|
It does NOT affect operation and users can scan to the share but why am I getting the smbd_audit fails?
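One way to triage output like the journal lines in the post above, as an added example (not part of the original post, and not Zentyal or Samba code). It assumes the field layout user|client|operation|result|arguments seen in those lines, which depends on the site's full_audit:prefix setting; the fourth sample line is constructed.

```python
import re
from collections import Counter

# First three lines mirror the journal output in the post; the fourth is constructed.
SAMPLE = r"""
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|security.NTACL
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|getxattr|fail (No data available)|/home/samba/shares/networkscan|user.DOSATTRIB
Dec 15 14:00:10 dc01 smbd_audit[219339]: domain\scan_user|x.x.x.x|fsctl|fail (Function not implemented)|
Dec 15 14:00:11 dc01 smbd_audit[219339]: domain\guest_user|x.x.x.x|getxattr|fail (Permission denied)|/home/samba/shares/networkscan|security.NTACL
""".strip().splitlines()

BODY_RE = re.compile(r"smbd_audit\[\d+\]: (.*)$")
RESULT_RE = re.compile(r"^(ok|fail)(?: \((.*)\))?$")

# strerror() text -> errno name for failures that report "nothing there" rather
# than "access refused": ENODATA = no such xattr value for the path,
# ENOSYS = call not implemented by the backing VFS/filesystem.
NOISE = {"No data available": "ENODATA", "Function not implemented": "ENOSYS"}


def parse(line):
    """Split one smbd_audit line into fields; return None if it does not match."""
    m = BODY_RE.search(line)
    if not m:
        return None
    fields = m.group(1).split("|")  # assumes no '|' inside paths
    if len(fields) < 4:
        return None
    r = RESULT_RE.match(fields[3])
    if not r:
        return None
    return {"user": fields[0], "client": fields[1], "op": fields[2],
            "status": r.group(1), "reason": r.group(2),
            "args": [a for a in fields[4:] if a]}


def triage(lines):
    """Count known-noise failures per (op, errno); return the rest for review."""
    noise, review = Counter(), []
    for line in lines:
        ev = parse(line)
        if ev is None or ev["status"] != "fail":
            continue
        if ev["reason"] in NOISE:
            noise[(ev["op"], NOISE[ev["reason"]])] += 1
        else:
            review.append(ev)
    return noise, review
```

Calling triage(SAMPLE) returns the ENODATA and ENOSYS failures as counts and leaves the constructed "Permission denied" event in the review list.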
7
Directory and Authentication / Radius Authentication Issues
« on: December 15, 2022, 02:48:44 pm »
In my system I use Cisco Catalyst 802.1x for wireless authentication. AP -> Switch -> Zentyal (Radius) -> yes/no
Windows, Android etc, all are working well and users can access network without problems.
However, a HP plotter has some limited settings and trips RADIUS authentication.
With WPA-Enterprise LEAP I get
Code:
Auth: (1600) Login incorrect (eap_leap: No Cleartext-Password or NT-Password configured for this user): [hp_user]
with WPA-Enterprise PEAP:
Code:
(1812) Login incorrect (eap_peap: TLS Alert write:fatal:protocol version): [hp_user] (from client x.x.x.x/32 port 60000 cli 40-A8-F0-88-xx-xx)
Thu Dec 15 12:49:06 2022 : ERROR: (1815) eap_peap: ERROR: TLS Alert write:fatal:protocol version
My guess would be ERROR: TLS Alert write:fatal:protocol version TLS version.
Can someone tell me how do I force RADIUS to log used protocol&version or how to enable all TLS so I can at least pin point which version to use?
8
Installation and Upgrades / Re: Odd issue from updating 6.2 to 7
« on: December 14, 2022, 04:56:22 pm »
proxmox with noVNC
It happens sometime that my setup goes to tty1 (for whatever reason)
expand the noVNC side menu, toggle ALT and press F7 on your keyboard. Does work for me..
like here:
https://imgur.com/a/v29gyOe
9
Installation and Upgrades / Re: Yet another installation on Ubuntu 20.04 - some question
« on: December 08, 2022, 04:04:43 pm »
Quote
Also, keep in mind that Zentyal only displays in the GUI the DNS records created by hand in the GUI itself, the rest of the records must be queried using the CLI.
* https://wiki.samba.org/index.php/DNS_Administration#Listing_zone_records
good point, all is working but the lack of sync between GUI's is confusing

10
Installation and Upgrades / Re: Odd issue from updating 6.2 to 7
« on: December 08, 2022, 03:45:24 pm »
now that's a better screen 
you can clearly see that you are on the command-line console (tty1 to tty6), tty7 is what you need.
You don't explain what hypervisor you are using so try to figure yourself how to change console. Use this as a hint https://askubuntu.com/questions/1138357/how-to-enable-switch-back-to-running-gui-from-tty-in-18-04.
Alt+F7 or Ctrl+Alt+F7 does normally work.

11
Installation and Upgrades / Re: Odd issue from updating 6.2 to 7
« on: December 06, 2022, 12:08:31 pm »
Hi killmasta93,
your screenshot is showing only disk scan. Am I right thinking you don't get to the graphical login page?
If you are stuck on the cli login try Alt+F7 and that should take you to graphical console.
12
Contributions / Tips&Tricks / Features Requests / Feature request - Zentyal on Debian
« on: November 22, 2022, 01:15:12 pm »
Hi,
I installed Zentyal few times now, I've successfully managed to keep one installation as a small domain server. I'm really pleased with Zentyal and would like to congratulate people behind the project.
However, I don't get why you stick with Ubuntu.. Zentyal on top of Ubuntu is easy but it causes confusion.
As seen many times on this forum, people get confused when they can't find netplan.io and configuration they found on the Internet doesn't work.
Have you considered moving to Debian and maybe replacing mysql with mariadb in next Zentyal release?

Cheers,
PS. found this https://forum.zentyal.org/index.php?action=post;quote=29147;topic=1296.0;last_msg=29147 ... promises promises

13
Installation and Upgrades / Yet another installation on Ubuntu 20.04 - some question
« on: November 16, 2022, 05:06:30 pm »
Hi everyone,
so I had (needed) to install another Zentyal 7 from scratch. Started with installing Ubuntu 20.04 Server and then followed the .sh script from zentyal.com.
All was well to where the script attempts to install suricata repo. This has already been reported number of times, where the repo can't be added by the script due to incorrect/lack of signature.
My question here is, could we change the script to include suricata PPA installation as per:
https://suricata.readthedocs.io/en/latest/install.html#ubuntu
After the cli installation finished I went to the admin page and continued with the configuration.
Installer hang on 53% with "saving network module" but because I've seen it previously I just let it run (long enough to finish a cup of tea). Then pointed the browser to the new IP and I was "again" welcomed with Configuration Wizard. I skipped it completely and when the website reloaded all was working fine.
This is a VM hosted on proxmox so the IP change during installation isn't much of a problem, plus I already knew this will happen.
I've managed to connect this server as an additional domain controller. All went smooth, with AD syncing without any problems.
Second question in this place relates to DNS... I see no DNS sync between dc01 and the new machine. Does this mean I have to manually copy DNS entries if I want some resilience or is there a way to make it automatic?
Cheerio!
14
Installation and Upgrades / Re: New install Inital config stuck at final save
« on: November 16, 2022, 04:28:35 pm »
zs webadmin restart
update if you have any outdated modules and it should go away
15
Installation and Upgrades / Re: additional domain controller - could not be resolved to its IP address
« on: November 15, 2022, 10:08:27 am »
Hi,
you are trying to install additional machine on a network. The error clearly stated that the DNS entry for pdc.peta.lan does not exist. So you have to either change your network config and point DNS to your DC or use IP rather than an internal domain name.