Topics - sspeed

1
I've narrowed it down to why my reverse zone is not being updated, but don't know why...

On a test server, the reverse zone updates.  In my named.conf.local I have:

zone "1.1.10.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.1.1.10";
    update-policy {
        // The only allowed dynamic updates are PTR records
        grant test.domain. subdomain 1.1.10.in-addr.arpa. PTR TXT;
        // Grant from localhost
        grant local-ddns zonesub any;
    };
};

On my "production server" this entry is only populated if I have the Domain Controller and File Sharing module turned off.  Once I turn it on the reverse zone disappears.

This gets populated via the /usr/share/zentyal/stubs/dns/named.conf.local.mas file:

<%args>
    @domains
    @inaddrs
    $generateReverseZones
    @intnets
    @internalLocalNets => ()
    $confDir
    $dynamicConfDir
    $sambaZones => undef
</%args>
...
% if ($generateReverseZones) {
%   foreach my $inaddr (@inaddrs) {
%       my $zoneName = $inaddr->{'ip'} . ".in-addr.arpa";
%       next if (defined $sambaZones and
%                lc ($zoneName) eq any @{$sambaZones});

zone "<% $zoneName %>" {
    type master;
    file "<% $inaddr->{'file'} %>";
    update-policy {
        // The only allowed dynamic updates are PTR records
%       foreach my $keyName (@{$inaddr->{'keyNames'}}) {
        grant <% $keyName %>. subdomain <% $inaddr->{'ip'} %>.in-addr.arpa. PTR TXT;
%       }
        // Grant from localhost
        grant local-ddns zonesub any;
    };
};
%   }


Why is this reverse zone getting removed?  What do I have configured wrong? I'm inclined to try just deleting the reverse zone, but don't want to end up in a worse situation than it is right now.
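
Added example, not part of the original post and not Zentyal's own code: a small Python audit of a generated named.conf.local that lists each zone's update-policy rules, reports expected reverse zones that are absent from the file (the symptom described above), and flags grants of type `any`. The sample input is constructed from the stanza quoted in the post; the function names are hypothetical and the parser only handles the simple grant/deny form shown here.

```python
import re

# Constructed input: the zone stanza quoted in the post.
SAMPLE = '''
zone "1.1.10.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.1.1.10";
    update-policy {
        // The only allowed dynamic updates are PTR records
        grant test.domain. subdomain 1.1.10.in-addr.arpa. PTR TXT;
        grant local-ddns zonesub any;
    };
};
'''

def parse_update_policies(conf):
    """Map each zone name to its update-policy rules (None if it has no policy)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # block comments
    conf = re.sub(r"(//|#).*", "", conf)                # line comments
    heads = list(re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf))
    zones = {}
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(conf)
        policy = re.search(r"update-policy\s*\{(.*?)\}", conf[head.end():end], re.S)
        if policy is None:
            zones[head.group(1)] = None
            continue
        rules = []
        for stmt in policy.group(1).split(";"):
            tok = stmt.split()
            if len(tok) < 3 or tok[0] not in ("grant", "deny"):
                continue
            # zonesub takes no name field; other rule types are assumed to take one.
            has_name = tok[2] != "zonesub"
            name = tok[3] if has_name and len(tok) > 3 else None
            types = tok[4:] if has_name else tok[3:]
            rules.append({"action": tok[0], "identity": tok[1], "rule": tok[2],
                          "name": name, "types": [t.upper() for t in types]})
        zones[head.group(1)] = rules
    return zones

def audit(conf, expected_zones):
    """Report expected zones absent from the file and grant rules using type 'any'."""
    zones = parse_update_policies(conf)
    present = {k.lower() for k in zones}
    missing = [z for z in expected_zones if z.lower() not in present]
    broad = [(z, r["identity"]) for z, rs in zones.items() for r in rs or []
             if r["action"] == "grant" and "ANY" in r["types"]]
    return {"missing": missing, "grants_any": broad}

if __name__ == "__main__":
    print(audit(SAMPLE, ["1.1.10.in-addr.arpa"]))
```

Running it against the file before and after enabling the Domain Controller and File Sharing module shows whether the zone stanza itself was dropped from the generated configuration.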


2
Installation and Upgrades / best practices for two Zentyal servers
« on: November 14, 2019, 09:56:26 pm »
I'm finally convincing myself to retire the old Windows 2003 server that I have running alongside Zentyal since I have SMB1 long disabled.  Looking for the best practices when having two Zentyal servers.  Last time I attempted two Zentyal servers dcpromo failed on the old 2003 box and the DNS_Zentyal domain account broke on the original server when I brought the new Zentyal server online.  As of now I have all 7 FSMO roles transferred to Zentyal.

1) Are there any gotchas on the dcpromo for a 2003 box as long as the FSMO roles are transferred?
2) Has anyone else had the DNS_Zentyal account problem with two Zentyals?
3) On the domain tab, do I set my first one up as "Domain controller" and the new one as "Additional Domain Controller"?
4) What else am I missing?  What, if any, functionality will I lose by tombstoning the 2003 server?

3
I have 3 domain controllers:

1) 2003 domain controller
2) Zentyal domain controller 1 (set up as Additional domain controller)
3) Zentyal domain controller 2 (set up as Additional domain controller)

I want to retire the 2003 domain controller, but dcpromo dies because it can't transfer roles.

1) Do I need to change one of the Zentyal servers to the "Domain Controller" role under Domain?

2) I can't transfer the FSMO, schema and associated roles in the usual AD tools.  Do I need to do it with samba commands somehow?

3) Once roles are transferred, can I just do dcpromo on the Server 2003 and be done with it?

4
Pulling my hair out on this.  Here are the contents of my zentyal.log when trying to save some network objects and getting the error, "The following modules failed while saving their changes, their state is unknown: dns"

2017/05/22 10:18:25 INFO> GlobalImpl.pm:625 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: network dns firewall dhcp
2017/05/22 10:18:25 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: network
2017/05/22 10:18:28 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2017/05/22 10:18:31 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2017/05/22 10:18:34 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command nsupdate -g -t 10 /var/lib/zentyal/tmp/Mit5dhpoCG failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2 at root command nsupdate -g -t 10 /var/lib/zentyal/tmp/Mit5dhpoCG failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/t1vPYvpDTh.cmd 2> /var/lib/zentyal/tmp/stderr', 'nsupdate -g -t 10 /var/lib/zentyal/tmp/Mit5dhpoCG', 512, 'ARRAY(0x7bac828)', 'ARRAY(0x47dbb40)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, 'nsupdate -g -t 10 /var/lib/zentyal/tmp/Mit5dhpoCG') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('nsupdate -g -t 10 /var/lib/zentyal/tmp/Mit5dhpoCG') called at /usr/share/perl5/EBox/DNS.pm line 923
EBox::DNS::_postServiceHook('EBox::DNS=HASH(0x78e3450)', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 941
EBox::Module::Service::_regenConfig('EBox::DNS=HASH(0x78e3450)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::DNS=HASH(0x78e3450)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 657
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 656
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x6af1170)', 'progress', 'EBox::ProgressIndicator=HASH(0x6aa8b18)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x6a8dc98)', 'progress', 'EBox::ProgressIndicator=HASH(0x6aa8b18)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2017/05/22 10:18:34 ERROR> GlobalImpl.pm:661 EBox::GlobalImpl::saveAllModules - Failed to save changes in module dns: root command nsupdate -g -t 10 /var/lib/zentyal/tmp/Mit5dhpoCG failed.
Error output: update failed: REFUSED

Command output: .
Exit value: 2
2017/05/22 10:18:34 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dhcp
2017/05/22 10:18:35 ERROR> GlobalImpl.pm:736 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: dns  at The following modules failed while saving their changes, their state is unknown: dns  at /usr/share/perl5/EBox/GlobalImpl.pm line 736
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x6af1170)', 'progress', 'EBox::ProgressIndicator=HASH(0x6aa8b18)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x6a8dc98)', 'progress', 'EBox::ProgressIndicator=HASH(0x6aa8b18)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
scottz@zentyal:/var/log/zentyal$ nsupdate -g -t 10 /var/lib/zentyal/tmp/Mit5dhpoCG
could not open '/var/lib/zentyal/tmp/Mit5dhpoCG': permission denied
scottz@zentyal:/var/log/zentyal$ sudo nsupdate -g -t 10 /var/lib/zentyal/tmp/Mit5dhpoCG
update failed: REFUSED

5
Directory and Authentication / updating reverse DNS PTR records
« on: June 02, 2016, 03:20:32 pm »
Hi, using Zentyal Community Edition for about a week now and very impressed with all the hard work put into it.

I was wondering if there is a way I can get Zentyal's DNS to update/create the associated PTR record for a host in reverse DNS when it hands out an IP address by DHCP?

Microsoft's DHCP implementation does this and I'm sure Zentyal does too, just don't know where to configure it?

