Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - desperados

Pages: [1] 2
1
has anyone joined zentyal to aws directory service?
I think I only need access to sysvol to sync group policy, and I should be able to access to \\domain.aws\SYSVOL using SMB 2.0
any other tips/tricks/suggestions/ideas? :)
thanks

2
Directory and Authentication / replica issue
« on: October 16, 2019, 05:06:48 pm »
Hi
I've some issue in my domain, I've 2 server (PDC and BDC) and I've 475 objects in PDC and 470 in BDC
so I've done:
Code: [Select]
samba-tool drs showrepland I see, between other successful statements:
Code: [Select]
DC=antea,DC=bogus
        Default-First-Site-Name\IDROGENO via RPC
                DSA object GUID: 3e8491b8-60a2-41df-809d-8174d8dc0471
                Last attempt @ Wed Oct 16 17:01:09 2019 CEST failed, result 58 (WERR_BAD_NET_RESP)
                2577 consecutive failure(s).
                Last success @ Thu Oct  3 10:20:21 2019 CEST
I've had a network issue so BDC didnt contact PDC, but now the issue is solved
but it seems that there is still something wrong, how can I have more details and understand what's wrong?
thanks

3
Directory and Authentication / home icon on dock
« on: July 05, 2019, 03:09:00 pm »
the shortcut on dock to home redirects to something like smb://mydomain.lan/user/something that doesnt exists and cant be mounted
how to remove and change to local home folder?

4
i dont' understand why, but some clients dont show "your password is expiring in X days" message
why?

5
Directory and Authentication / pdbedit bug
« on: March 05, 2019, 10:26:09 am »
when I run pdbedit -u username, it shows

Code: [Select]
Password must change: never
even if password age is setted

6
Directory and Authentication / Notify password expiration
« on: March 05, 2019, 09:19:50 am »
I'd like to notify with an email to user and administrator (me) when a password is expiring
how can i do?

7
after last update of zentyal 6, bind doesnt start with this error:

Quote
dlz_dlopen: /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so: incorrect driver API version 2, requires 3

EDIT: i've imported backup from 4.2 to 6, and in named.conf.local there was dlz_bind9_9, I changed with dlz_bind9_11 and restarted bind

8
Other modules / DHCP features
« on: February 07, 2019, 12:03:57 pm »
I've zentyal 4.2 and i want to update
in new zentyal 6.0 is it possible:
1. re-order records
2. add descriptions to record
3. sync dhcp between pdc and bdc or import/export configuration
?
thanks

9
Directory and Authentication / samba-tool domain passwordsettings
« on: July 10, 2018, 12:32:56 pm »
is it necessary to use this tool to set options about password policy?
i've tried to change them through administrative tools in windows, but i see they are not applied
thanks

10
after a locked screen, cant login any more. if reboot, all is ok

in osx logs i found "Unable to reach any KDC", in zentyal logs i found:

Quote
[2018/03/02 09:41:03.193872,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ attori.cristina@ANTEA.BOGUS from ipv4:192.168.10.67:60872 for krbtgt/ANTEA.BOGUS@ANTEA.BOGUS
[2018/03/02 09:41:03.199558,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: 149
[2018/03/02 09:41:03.199638,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- attori.cristina@ANTEA.BOGUS
[2018/03/02 09:41:03.199651,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- attori.cristina@ANTEA.BOGUS
[2018/03/02 09:41:03.199698,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: No preauth found, returning PREAUTH-REQUIRED -- attori.cristina@ANTEA.BOGUS
[2018/03/02 09:41:03.228510,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ attori.cristina@ANTEA.BOGUS from ipv4:192.168.10.67:49742 for krbtgt/ANTEA.BOGUS@ANTEA.BOGUS
[2018/03/02 09:41:03.232609,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: encrypted-timestamp, 149
[2018/03/02 09:41:03.232662,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- attori.cristina@ANTEA.BOGUS
[2018/03/02 09:41:03.232686,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- attori.cristina@ANTEA.BOGUS
[2018/03/02 09:41:03.232772,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: ENC-TS Pre-authentication succeeded -- attori.cristina@ANTEA.BOGUS using arcfour-hmac-md5
[2018/03/02 09:41:03.242549,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ authtime: 2018-03-02T09:41:03 starttime: unset endtime: 2018-03-02T19:41:03 renew till: unset
[2018/03/02 09:41:03.242701,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using arcfour-hmac-md5/arcfour-hmac-md5
[2018/03/02 09:41:03.242772,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Requested flags: forwardable
[2018/03/02 09:41:03.254424,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: TGS-REQ attori.cristina@ANTEA.BOGUS from ipv4:192.168.10.67:61401 for bastet$@ANTEA.BOGUS [forwardable]
[2018/03/02 09:41:03.260344,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: TGS-REQ authtime: 2018-03-02T09:41:03 starttime: 2018-03-02T09:41:03 endtime: 2018-03-02T19:41:03 renew till: unset

11
Other modules / dns error after swaping clients
« on: October 16, 2017, 12:17:16 pm »
i've had ariel with ip 192.168.10.63
i've bought a new notebook, called it titania and assigned 192.168.10.63, meanwhile ariel is now 192.168.10.64
both notebooks are joined to domain
if i made nslookup it find that ariel is 192.168.10.63 and titania is unknown
how to fix this?
thanks

12
Other modules / sync secondary dns
« on: February 20, 2017, 09:07:31 am »
Hi
I've configured PDC and BDC, but it's not clear to me how the dns sync works
If I don't create record HOSTA in secondary DNS, it's not resolved
But if I create it, I don't need to create alias because they seem imported from PDC
is this right?
thanks

13
Directory and Authentication / Access only using FQDN
« on: February 15, 2017, 11:58:38 am »
hi
if my pc is in same lan of my servers, I can access them using \\servername
but when I'm out of office and connect with VPN (not managed by zentyal), I ha've denied access
BUT if I access to server using \\servername.mydomain.local I can access !!
I suppose there is some trouble with NetBIOS / Wins...

Code: [Select]
net view \\servername
gives me "access denied", while

Code: [Select]
net view \\servername.mydomain.local
shows me all shared folders

any idea?
thanks

14
Directory and Authentication / popup with desktop.ini
« on: February 01, 2017, 01:32:49 pm »
after joining a pc in domain, when the users (all!) logon a notepad appears to them with

Code: [Select]
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787


I've deleted desktop.ini but at the new logon it reappears

15
Directory and Authentication / sysvol Policies folder disappears
« on: November 30, 2016, 02:15:24 pm »
Hi
I've 2 Zentyal 4.2 servers, 1 PDC and 1 BDC
I've noticed that some clients, when I try to "gpupdate /force", give me error "The processing of Group Policy failed. Windows attempted to read the file " etc., and if I try to access \\mydomain\sysvol\mydomain\ I can't see Policies folder, if I access \\pdc\sysvol\pdc I can and if I access \\bdc\sysvol\bdc I can't

so I've searched what can cause this problem and I found these posts:
https://forum.zentyal.org/index.php/topic,21930.msg84424.html#msg84424
https://forum.zentyal.org/index.php/topic,23116.msg89031.html#msg89031
I've tried "samba-tool ntacl sysvolreset" but I can't fix, and this command gives me this error:

PDC
Quote
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/mydomain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
    lp)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1733, in checksysvolacl
    direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1684, in check_gpos_acl
    domainsid, direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1631, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))

BDC
Quote
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 218, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1619, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1512, in set_gpos_acl
    use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 154, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)

Pages: [1] 2