Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Installation and Upgrades / Re: [Solved ]Problem creating GPOs with vfs object = full_audit
« on: April 10, 2022, 05:50:14 pm »
I didn't have any problem since I made this config.
2
Installation and Upgrades / Re: Problem creating GPOs with vfs object = full_audit
« on: March 27, 2022, 03:56:56 am »
Solution:
vfs objects = acl_xattr full_audit
vfs objects = acl_xattr full_audit
3
Installation and Upgrades / [Solved ]Problem creating GPOs with vfs object = full_audit
« on: March 24, 2022, 09:07:01 pm »
I was trying to do this procedure:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRhCAK
Basically it would allow my firewall to identify the users based on the samba4 logs.
You've to add this:
syslog = 3
vfs object = full_audit
full_audit:success = connect
full_audit:failure = disconnect
full_audit:prefix = %u %I | %S
full_audit:facility = local5
To smb.conf.
I added to /usr/share/zentyal/stubs/samba/smb.conf.mas , rebooted the server and the logs work.
However if I try to create a GPO via RSAT, with this configuration, I get "This security ID may not be assigned as the owner of this object"
Pretty much like this report:
https://lists.samba.org/archive/samba/2017-April/207962.html
Any hint?
Thank you!
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRhCAK
Basically it would allow my firewall to identify the users based on the samba4 logs.
You've to add this:
syslog = 3
vfs object = full_audit
full_audit:success = connect
full_audit:failure = disconnect
full_audit:prefix = %u %I | %S
full_audit:facility = local5
To smb.conf.
I added to /usr/share/zentyal/stubs/samba/smb.conf.mas , rebooted the server and the logs work.
However if I try to create a GPO via RSAT, with this configuration, I get "This security ID may not be assigned as the owner of this object"
Pretty much like this report:
https://lists.samba.org/archive/samba/2017-April/207962.html
Any hint?
Thank you!
4
Directory and Authentication / Re: Changing .local to .com Domain
« on: December 28, 2021, 06:42:38 pm »
Thanks!
What about GPOs?
Also, would it be possible to keep the same account settings at workstations after joining the "new" domain?
Thanks
What about GPOs?
Also, would it be possible to keep the same account settings at workstations after joining the "new" domain?
Thanks
5
Directory and Authentication / Changing .local to .com Domain
« on: December 27, 2021, 01:23:41 pm »
Hello,
Is it possible to change the AD domain from .local to .com (this is purely Zentyal infrastructure)?
Thanks!
Is it possible to change the AD domain from .local to .com (this is purely Zentyal infrastructure)?
Thanks!
6
Installation and Upgrades / Problems with DNS on 7.0
« on: March 10, 2021, 04:18:19 am »
Hi!
So I upgraded to 7.0.
Everything looked ok till I found that DNS is not replicating and that my machines can't update their records.
Also found that some external records just won't resolve it's ip's.
If I add a record manually at one DC the record won't replicate to other DC's.
I've 4 DC's (all zentyal 7.0)
Some logs:
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz: ldb: replmd_add: unable to find invocationId
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz:
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz: failed to modify DC=XXXDSK04,DC=XXX.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=XXX,DC=local - WERR_GEN_FAILURE
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz: cancelling transaction on zone XXX.local
I also have some logs like this:
DNS format error from 208.67.222.222#53 resolving brightcloud.com/DS: invalid response
Please help.
EDIT: Also Domain objects are not replicating. If I do a samba-tool drs replicate with --full-sync it it's synced.
EDIT2: Just reverted to Zentyal 6.2.7. This is not ready for prime time.
So I upgraded to 7.0.
Everything looked ok till I found that DNS is not replicating and that my machines can't update their records.
Also found that some external records just won't resolve it's ip's.
If I add a record manually at one DC the record won't replicate to other DC's.
I've 4 DC's (all zentyal 7.0)
Some logs:
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz: ldb: replmd_add: unable to find invocationId
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz:
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz: failed to modify DC=XXXDSK04,DC=XXX.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=XXX,DC=local - WERR_GEN_FAILURE
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz: cancelling transaction on zone XXX.local
I also have some logs like this:
DNS format error from 208.67.222.222#53 resolving brightcloud.com/DS: invalid response
Please help.
EDIT: Also Domain objects are not replicating. If I do a samba-tool drs replicate with --full-sync it it's synced.
EDIT2: Just reverted to Zentyal 6.2.7. This is not ready for prime time.
7
Installation and Upgrades / Zentyal not updating reverse lookup Zone
« on: June 19, 2020, 04:54:14 am »
Hi!
On your Windows domain machine do on a CMD ipconfig /registerdns.
A Record will be updated correctly.
Reverse record will NOT.
In my example my workstation is 192.168.21.41 / 24
however in the syslog it shows up this:
client @0x7f2754100c10 192.168.21.41#50367: updating zone '168.192.in-addr.arpa/IN': update failed: not authoritative for update zone (NOTAUTH)
The correct zone should be 21.168.192.in-addr.arpa I believe.
By the way, my DC's are in different networks than my workstations.
The zone 21.168.192.in-addr.arpa exists. It was created via samba-tool and I also tried via RSAT. Same results.
Thanks!
On your Windows domain machine do on a CMD ipconfig /registerdns.
A Record will be updated correctly.
Reverse record will NOT.
In my example my workstation is 192.168.21.41 / 24
however in the syslog it shows up this:
client @0x7f2754100c10 192.168.21.41#50367: updating zone '168.192.in-addr.arpa/IN': update failed: not authoritative for update zone (NOTAUTH)
The correct zone should be 21.168.192.in-addr.arpa I believe.
By the way, my DC's are in different networks than my workstations.
The zone 21.168.192.in-addr.arpa exists. It was created via samba-tool and I also tried via RSAT. Same results.
Thanks!
8
Installation and Upgrades / Re: Stuck Upgrading from 5.1.3 to 6.0
« on: December 08, 2018, 10:57:17 pm »
Hi!
Tried that and kill some process at time.
The machine upgraded sucessfully.
I've other machine that is stuck on:
Setting up zentyal-core (6.0.1) ...
Installing new version of config file /etc/cron.daily/zentyal ...
any idea?
Tried that and kill some process at time.
The machine upgraded sucessfully.
I've other machine that is stuck on:
Setting up zentyal-core (6.0.1) ...
Installing new version of config file /etc/cron.daily/zentyal ...
any idea?
9
Installation and Upgrades / Re: Stuck Upgrading from 5.1.3 to 6.0
« on: November 30, 2018, 09:43:10 pm »
nothing?
10
Installation and Upgrades / Re: Stuck Upgrading from 5.1.3 to 6.0
« on: November 26, 2018, 10:44:53 am »
You mean stop DNS?
I tried it and it kept stuck.
I tried it and it kept stuck.
11
Installation and Upgrades / Stuck Upgrading from 5.1.3 to 6.0
« on: November 25, 2018, 02:32:55 am »
Hi,
I'm getting stuck here:
2018/11/25 00:50:47 INFO> Service.pm:965 EBox::Module::Service::restartService - Restarting service for module: dns
2018/11/25 00:50:48 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
Any hint?
I'm getting stuck here:
2018/11/25 00:50:47 INFO> Service.pm:965 EBox::Module::Service::restartService - Restarting service for module: dns
2018/11/25 00:50:48 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
Any hint?
12
Installation and Upgrades / Re: Upgrade Zentyal to 6.0 and Ubuntu to 18.04
« on: November 14, 2018, 12:19:40 pm »
When is the button gonna be available?
13
Installation and Upgrades / Re: Upgrade Zentyal to 6.0 and Ubuntu to 18.04
« on: November 02, 2018, 11:33:58 am »
Ok. Thank you.
14
Installation and Upgrades / Upgrade Zentyal to 6.0 and Ubuntu to 18.04
« on: October 31, 2018, 01:29:52 pm »
Hi!
What would be the correct procedure to upgrade Zentyal from 5.1.1 to version 6.0 and also ubuntu 16.04 to 18.04?
Thank you!
What would be the correct procedure to upgrade Zentyal from 5.1.1 to version 6.0 and also ubuntu 16.04 to 18.04?
Thank you!
15
Installation and Upgrades / Re: Sysvol not syncing Version 5
« on: February 26, 2017, 06:22:53 pm »
Never mind...
From your changelog:
Remove perl bindings to use just samba upstream packages, current sysvol sync also deprecated, workaround at https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround this affects also ad-migrate script, currently it will not sync GPOs
From your changelog:
Remove perl bindings to use just samba upstream packages, current sysvol sync also deprecated, workaround at https://wiki.samba.org/index.php/Rsync_based_SysVol_replication_workaround this affects also ad-migrate script, currently it will not sync GPOs