This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Installation and Upgrades / error updating zentyal-core
« on: August 04, 2020, 02:44:58 am »
I get this error in zentyal-core when upgrading the packages.
Code:
administrator@servidor:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
libllvm9 linux-headers-4.15.0-111 linux-headers-4.15.0-111-generic
linux-image-4.15.0-111-generic linux-modules-4.15.0-111-generic
linux-modules-extra-4.15.0-111-generic
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
linux-headers-4.15.0-112 linux-headers-4.15.0-112-generic
linux-image-4.15.0-112-generic linux-modules-4.15.0-112-generic
linux-modules-extra-4.15.0-112-generic
The following packages will be upgraded:
firefox grub-common grub-pc grub-pc-bin grub2-common libllvm10 libmysqlclient20
librsvg2-2 librsvg2-common libseccomp2 linux-generic linux-headers-generic
linux-image-generic linux-libc-dev mysql-server python3-apt python3-distupgrade
ubuntu-release-upgrader-core zentyal-dhcp zentyal-dns zentyal-software
21 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
16 not fully installed or removed.
Need to get 0 B/142 MB of archives.
After this operation, 334 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Preconfiguring packages ...
Setting up zentyal-core (6.1.6) ...
Connection DB Error: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
dpkg: error processing package zentyal-core (--configure):
installed zentyal-core package post-installation script subprocess returned error exit status 2
Errors were encountered while processing:
zentyal-core
E: Sub-process /usr/bin/dpkg returned an error code (1)
administrator@servidor:~$ sudo zentyal-core --configure
sudo: zentyal-core: command not found
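A recovery sequence for the failure above, added here as an example; it is not from the original post or from Zentyal. The zentyal-core postinst needs the MySQL socket, so the fix is to get mysqld running and then let dpkg rerun the pending configure step (there is no `zentyal-core --configure` command; the equivalent is `dpkg --configure`). The socket path is parsed out of the dpkg error line; the systemd unit name `mysql` and the wait timeout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): recover from a zentyal-core
# postinst that failed because mysqld was not listening on its socket.
# Assumes Ubuntu's systemd unit name "mysql"; adjust if yours differs.

# Extract the socket path quoted in a "Can't connect to local MySQL server
# through socket '...'" line. Prints nothing if the line does not match.
socket_from_error() {
    printf '%s\n' "$1" | sed -n "s/.*through socket '\([^']*\)'.*/\1/p"
}

# True if the path exists and is a unix socket.
socket_ready() {
    [ -S "$1" ]
}

# Poll for the socket for up to $2 seconds (default 30); returns 1 on timeout.
wait_for_socket() {
    sock=$1; limit=${2:-30}; waited=0
    while ! socket_ready "$sock"; do
        [ "$waited" -ge "$limit" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Full recovery: start mysqld, wait for the socket, then rerun the pending
# dpkg configure step for every half-installed package (zentyal-core here).
recover_zentyal_core() {
    sock=${1:-/var/run/mysqld/mysqld.sock}
    sudo systemctl start mysql
    if ! wait_for_socket "$sock" 60; then
        echo "mysqld did not create $sock; check: sudo journalctl -u mysql" >&2
        return 1
    fi
    sudo dpkg --configure -a
}

# Error line copied from the apt output in the post; used to demonstrate parsing.
DPKG_ERROR="Connection DB Error: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)"

if [ "${1:-}" = "run" ]; then
    recover_zentyal_core "$(socket_from_error "$DPKG_ERROR")"
fi
```

Run it as `sh recover.sh run`; if the socket never appears, the mysqld journal is where the real failure (disk full, corrupt InnoDB log, wrong datadir permissions) will be.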
3
Contributions / Tips&Tricks / Features Requests / [HELP] How to enable forwarding for wireless network?
« on: April 26, 2019, 09:59:26 pm »
hello, greetings to the zentyal team.
I have zentyal 6.0 with an ethernet adapter and a TP-LINK wireless adapter, model TL-WDN4800.
My zentyal server only works as an Active Directory domain controller.
The ethernet adapter, interface eth2 with IP address 192.168.1.2 and mask 255.255.255.0,
gets internet through the 192.168.1.1 gateway, which is a commercial UTM firewall.
The wireless adapter, interface wlan0, has IP address 192.168.137.1 and mask 255.255.255.0.
/etc/network/interfaces
Code:
administrator@servidor:~$ cat /etc/network/interfaces
allow-hotplug lo eth2 wlan0
iface lo inet loopback
iface eth2 inet static
address 192.168.1.2
netmask 255.255.255.0
broadcast 192.168.1.255
offload-gro off
offload-gso off
offload-tso off
iface wlan0 inet static
address 192.168.137.1
netmask 255.255.255.0
broadcast 192.168.137.255
offload-gro off
offload-gso off
offload-tso off
The DHCP server delivers IP addresses to the 192.168.137.1 interface with a range of 192.168.137.100 to 192.168.137.254 with DNS 8.8.8.8 and 8.8.4.4.
/etc/dhcp/dhcpd.conf
Code:
shared-network wlan0 {
subnet 192.168.137.0 netmask 255.255.255.0 {
option routers 192.168.137.1;
option domain-name-servers 8.8.8.8, 8.8.4.4;
option ntp-servers 192.168.137.1;
default-lease-time 1800;
max-lease-time 7200;
pool {
next-server 192.168.137.1;
range 192.168.137.100 192.168.137.254;
}
}
group {
option routers 192.168.137.1;
option domain-name-servers 8.8.8.8, 8.8.4.4;
option ntp-servers 192.168.137.1;
default-lease-time 1800;
max-lease-time 7200;
}
}
/etc/default/hostapd
Code:
administrator@servidor:~$ cat /etc/default/hostapd
# Defaults for hostapd initscript
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
DAEMON_CONF="/etc/hostapd/hostapd.conf"
# Additional daemon options to be appended to hostapd command:-
# -d show more debug messages (-dd for even more)
# -K include key data in debug messages
# -t include timestamps in some debug messages
#
# Note that -B (daemon mode) and -P (pidfile) options are automatically
# configured by the init.d script and must not be added to DAEMON_OPTS.
#
#DAEMON_OPTS=""
we configure
/etc/hostapd/hostapd.conf
Code:
# hostapd configuration template for a generic 2.4 GHz Wi-Fi router in open mode, for Venezuela
# /etc/hostapd/hostapd.conf
# PCI-E adapter TP-LINK TL-WDN4800 N900
#
# General hostapd options
#
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
interface=wlan0
#bridge=br0
driver=nl80211
#driver_params=
ssid=Internet Libre
#
# Regulatory settings for Venezuela
#
ieee80211d=1
country_code=VE
# Environment: indoor 0x49, outdoor 0x4f, all environments 0x20
#country3=0x49
#local_pwr_constraint=3
#spectrum_mgmt_required=1
#
# Security options
#
ignore_broadcast_ssid=0
disassoc_low_ack=1
# wpa=0 is an open network: no encryption and no authentication, so any client in range can join and traffic is sent in the clear
wpa=0
# macaddr_acl=0 accepts every station except those listed in deny_mac_file
macaddr_acl=0
deny_mac_file=/etc/hostapd/hostapd.deny
#
# IEEE 802.11 band settings (b/g)
#
hw_mode=g
#
# IEEE 802.11n settings
#
ieee80211n=1
require_ht=1
ht_capab=[LDPC][HT40-][HT40+][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-3839][DSSS_CCK-40][MAX-A-MPDU-LEN-EXP3]
#
# IEEE 802.11u-2011 settings
#
#interworking=1
#access_network_type=3
#internet = 1
#venue_group=2
#venue_type=0
#
# QoS
#
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
#
# Advanced settings
#
# channel=0 lets hostapd pick the channel itself (automatic channel selection, ACS)
channel=0
#acs_num_scans=5
#acs_chan_bias=1:0.8 6:0.8 11:0.8
#chanlist=1 6 11-13
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=-1
fragm_threshold=-1
#supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
#basic_rates=10 20
#basic_rates=10 20 55 110
#basic_rates=60 120 240
#beacon_rate=10
#preamble=1
#
# Logging
#
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
Start test
Code:
sudo hostapd -dd /etc/hostapd/hostapd.conf
Ctrl+C (exit)
we create the service...
Code:
sudo systemctl unmask hostapd
sudo systemctl enable hostapd
sudo systemctl start hostapd
sudo systemctl status hostapd
● hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-04-27 15:19:56 -04; 21min ago
Process: 18270 ExecStart=/usr/sbin/hostapd -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS)
Main PID: 18271 (hostapd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/hostapd.service
└─18271 /usr/sbin/hostapd -P /run/hostapd.pid -B /etc/hostapd/hostapd.conf
Apr 27 15:19:56 servidor systemd[1]: Starting Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator...
Apr 27 15:19:56 servidor hostapd[18270]: Configuration file: /etc/hostapd/hostapd.conf
Apr 27 15:19:56 servidor hostapd[18270]: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Apr 27 15:19:56 servidor hostapd[18270]: ACS: Automatic channel selection started, this may take a bit
Apr 27 15:19:56 servidor hostapd[18270]: wlan0: interface state COUNTRY_UPDATE->ACS
Apr 27 15:19:56 servidor hostapd[18270]: wlan0: ACS-STARTED
Apr 27 15:19:56 servidor systemd[1]: Started Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.
I have hostapd installed and I already made my test configuration; mobile devices connect but do not have internet.
According to the guide I am reading, I must edit the configuration file: /etc/sysctl.conf
change: net.ipv4.ip_forward = 1
save.
add the configuration to the firewall.
sudo iptables -t nat -A POSTROUTING -s 192.168.137.0/24 -o eth2 -j MASQUERADE
The problem is that this configuration is temporary, because zentyal when restarting does not save the change.
How can I enable Internet connection to wireless devices permanently?
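One way to make the forwarding and the NAT survive a restart on a Zentyal host, as an added example that is not from the original post or from Zentyal's own code. It assumes Zentyal's module hook convention (an executable /etc/zentyal/hooks/firewall.postservice is run after the firewall module (re)starts, so rules added there come back every time Zentyal rewrites iptables; check the path against your version) and the interface names and subnet from the post. Besides the MASQUERADE line from the guide it adds two FORWARD accept rules, because Zentyal's firewall module filters forwarded traffic as well; every rule is checked with `-C` before it is added, so re-running the hook never duplicates rules.

```shell
#!/bin/sh
# Added example (not from the original post or Zentyal): make the wlan0 -> eth2
# NAT persistent on a Zentyal host that rewrites iptables when its firewall
# module restarts. Assumptions: Zentyal runs executable hooks named
# /etc/zentyal/hooks/<module>.postservice after (re)starting that module;
# interface names and the subnet match the post.

LAN_NET=${LAN_NET:-192.168.137.0/24}   # wireless clients (wlan0)
LAN_IF=${LAN_IF:-wlan0}
WAN_IF=${WAN_IF:-eth2}                 # towards the 192.168.1.1 UTM gateway
HOOK=${HOOK:-/etc/zentyal/hooks/firewall.postservice}
SYSCTL_FILE=${SYSCTL_FILE:-/etc/sysctl.d/99-wlan-forward.conf}

# Print the hook script. Every rule is added only if it is not already
# present (-C checks, -A/-I adds), so re-running the hook never duplicates rules.
render_hook() {
    net=$1; lan=$2; wan=$3
    cat <<EOF
#!/bin/sh
# Re-applied by Zentyal each time the firewall module restarts.
sysctl -q -w net.ipv4.ip_forward=1
iptables -t nat -C POSTROUTING -s $net -o $wan -j MASQUERADE 2>/dev/null ||
    iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
iptables -C FORWARD -i $lan -o $wan -s $net -j ACCEPT 2>/dev/null ||
    iptables -I FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -C FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null ||
    iptables -I FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Print the sysctl drop-in that turns forwarding on at boot.
render_sysctl() {
    printf 'net.ipv4.ip_forward = 1\n'
}

# Install both files (needs root). Not run unless invoked with "install".
install_forwarding() {
    render_sysctl | sudo tee "$SYSCTL_FILE" >/dev/null
    render_hook "$LAN_NET" "$LAN_IF" "$WAN_IF" | sudo tee "$HOOK" >/dev/null
    sudo chmod 755 "$HOOK"
    sudo sysctl -q --system
    sudo sh "$HOOK"          # apply now without waiting for a module restart
}

# Quick check after a reboot: is forwarding on and the NAT rule present?
verify_forwarding() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] &&
    sudo iptables -t nat -C POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

if [ "${1:-}" = "install" ]; then
    install_forwarding
fi
```

After `sh persist-forward.sh install`, reboot and run `verify_forwarding` (or `sudo iptables -t nat -S POSTROUTING`) to confirm the rule came back; if it did not, the hook was not executed and the hook path for your Zentyal version needs checking.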
4
Installation and Upgrades / [Help] remove hard drive that fails.
« on: April 19, 2019, 05:12:43 pm »
Greetings to the zentyal team.
I have a problem with a hard drive installed in my zentyal server. The hard drive is storage for the HOME partition, which holds many music files and programs for PDQ Deploy software installations, to share on the network. Last week I installed 2 new hard drives to extend the volume, but I did not notice that one of them is the one that is failing; it is also a different model.
Code:
administrator@servidor:~$ sudo lsscsi
[sudo] password for administrator:
[0:0:0:0] disk ATA WDC WD5000AAKX-0 1H15 /dev/sda
[1:0:0:0] disk ATA ST3750640NS 3CNR /dev/sdb
[4:0:0:0] disk ATA ST3750525AS JC45 /dev/sdc
[5:0:0:0] disk ATA ST3750640NS 3CNR /dev/sdd
[6:0:0:0] disk Generic STORAGE DEVICE 9833 /dev/sde
The problem is the ST3750525AS, /dev/sdc. I need to remove it without damaging the system; I made an attempt to remove it abruptly and zentyal does not start.
Code:
administrator@servidor:~$ sudo lsblk -fm
NAME FSTYPE LABEL UUID MOUNTPOINT SIZE OWNER GROUP MODE
sda 465,8G root disk brw-rw----
├─sda1 ext2 BOOT 694c0d39-ca9e-47f6-8cc9-c3ae7d107986 /boot 1,9G root disk brw-rw----
├─sda2 swap a7585f9d-98c4-4aee-b970-14f95e0ee81a [SWAP] 8G root disk brw-rw----
├─sda3 1K root disk brw-rw----
└─sda5 LVM2_member a7FzEB-amue-MqwT-i571-qR1P-m85V-CyZ6cn 455,9G root disk brw-rw----
├─servidor_vg-root_vl ext4 ROOT 565b1925-bb20-4a88-a765-56043b2828ee / 176,5G root disk brw-rw----
└─servidor_vg-srv_vl ext4 SRV 17922afb-d5a6-467a-bc74-39853afff2a0 /srv 279,4G root disk brw-rw----
sdb 698,7G root disk brw-rw----
└─sdb1 LVM2_member Erzj3X-1nuW-nDwi-SKEN-KYcC-VfEW-CtYc82 698,7G root disk brw-rw----
└─servidor_vg-storage_vl ext4 HOME 803e8428-0ff1-45f5-bcc4-d0e9906797ec /home 2T root disk brw-rw----
sdc 698,7G root disk brw-rw----
└─sdc1 LVM2_member A2dleM-MmRA-FWOn-30iD-wHdf-g2u5-308tsn 698,7G root disk brw-rw----
├─servidor_vg-backup_vl ext4 BACKUP 2a5b3339-b60b-4b8a-b8c5-1bc3e05eff86 /bak 46,7G root disk brw-rw----
└─servidor_vg-storage_vl ext4 HOME 803e8428-0ff1-45f5-bcc4-d0e9906797ec /home 2T root disk brw-rw----
sdd 698,7G root disk brw-rw----
└─sdd1 LVM2_member 2iY9uh-n3iA-Peg6-5u3L-oq5h-hS1d-RHwswE 698,7G root disk brw-rw----
└─servidor_vg-storage_vl ext4 HOME 803e8428-0ff1-45f5-bcc4-d0e9906797ec /home 2T root disk brw-rw----
Code:
administrator@servidor:~$ sudo lvdisplay
--- Logical volume ---
LV Path /dev/servidor_vg/root_vl
LV Name root_vl
VG Name servidor_vg
LV UUID giYw25-XP8J-YXAn-wckO-D8ur-2WTh-eP0gNT
LV Write Access read/write
LV Creation host, time servidor, 2019-03-01 17:37:21 -0400
LV Status available
# open 1
LV Size <176,49 GiB
Current LE 45181
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:0
--- Logical volume ---
LV Path /dev/servidor_vg/srv_vl
LV Name srv_vl
VG Name servidor_vg
LV UUID 9BYX7s-CZRg-xYEg-FXmG-6pDa-uI9A-BI1GoF
LV Write Access read/write
LV Creation host, time servidor, 2019-03-01 17:37:35 -0400
LV Status available
# open 1
LV Size <279,40 GiB
Current LE 71526
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:1
--- Logical volume ---
LV Path /dev/servidor_vg/backup_vl
LV Name backup_vl
VG Name servidor_vg
LV UUID kDHbDG-LZsx-qd78-a4QI-YHeW-ywJ1-fSP2aC
LV Write Access read/write
LV Creation host, time servidor, 2019-03-01 17:39:25 -0400
LV Status available
# open 1
LV Size 46,70 GiB
Current LE 11956
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:2
--- Logical volume ---
LV Path /dev/servidor_vg/storage_vl
LV Name storage_vl
VG Name servidor_vg
LV UUID Cjufl9-zSem-eSqA-m8Bk-RNHN-9r5R-L08pW2
LV Write Access read/write
LV Creation host, time servidor, 2019-03-01 17:39:35 -0400
LV Status available
# open 1
LV Size 2,00 TiB
Current LE 524594
Segments 3
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:3
Code:
administrator@servidor:~$ sudo vgdisplay
--- Volume group ---
VG Name servidor_vg
System ID
Format lvm2
Metadata Areas 4
Metadata Sequence No 9
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 4
Open LV 4
Max PV 0
Cur PV 4
Act PV 4
VG Size 2,49 TiB
PE Size 4,00 MiB
Total PE 653257
Alloc PE / Size 653257 / 2,49 TiB
Free PE / Size 0 / 0
VG UUID vBHTK9-fBf3-2N8d-k3qu-5rFL-9HZr-AiGkQ2
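Before the disk can be pulled, the extents on /dev/sdc1 have to be moved off it, and the vgdisplay above shows Free PE / Size 0 / 0, so pvmove has nowhere to put them until another PV is added to the VG (or an LV is shrunk). The script below is added here as an example and is not part of the original post: it computes that shortfall from pvs output (the extent counts are constructed to approximate the page's layout of four PVs with no free extents) and wraps the pvmove / vgreduce / pvremove sequence behind that check.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether a physical volume
# can be evacuated with pvmove before removing it from the VG. With 0 free PE in
# the VG, pvmove has nowhere to put sdc1's extents, so a replacement PV must be
# added first, then pvmove, vgreduce and pvremove. The PE counts below are
# constructed to approximate the page's layout; on a live system feed in the
# real `pvs` output.

# Columns: pv_name vg_name pv_pe_count pv_pe_alloc_count
# (what `sudo pvs --noheadings -o pv_name,vg_name,pv_pe_count,pv_pe_alloc_count` prints)
SAMPLE_PVS='  /dev/sda5 servidor_vg 116710 116710
  /dev/sdb1 servidor_vg 178867 178867
  /dev/sdc1 servidor_vg 178867 178867
  /dev/sdd1 servidor_vg 178867 178867'

# Extents currently allocated on the PV we want to remove.
alloc_pe_on() {   # $1 = pv, $2 = pvs output
    printf '%s\n' "$2" | awk -v pv="$1" '$1 == pv { print $4; exit }'
}

# Free extents on every *other* PV in the VG: that is the room pvmove has.
free_pe_elsewhere() {   # $1 = pv, $2 = pvs output
    printf '%s\n' "$2" | awk -v pv="$1" '$1 != pv { free += $3 - $4 } END { print free + 0 }'
}

# How many more extents the VG needs before `pvmove $1` can succeed.
# Prints 0 when the move can proceed as-is.
pe_shortfall() {   # $1 = pv, $2 = pvs output
    need=$(alloc_pe_on "$1" "$2"); have=$(free_pe_elsewhere "$1" "$2")
    if [ "$need" -gt "$have" ]; then echo $((need - have)); else echo 0; fi
}

# Live procedure (needs root; not run unless called). $1 = failing PV
# (/dev/sdc1), $2 = optional replacement partition already prepared with pvcreate.
evacuate_pv() {
    pv=$1; vg=servidor_vg
    live=$(sudo pvs --noheadings -o pv_name,vg_name,pv_pe_count,pv_pe_alloc_count)
    short=$(pe_shortfall "$pv" "$live")
    if [ "$short" -gt 0 ]; then
        if [ -z "${2:-}" ]; then
            echo "pvmove needs $short more free PE in $vg; add a PV first (vgextend $vg <new-pv>)" >&2
            return 1
        fi
        sudo vgextend "$vg" "$2"
    fi
    sudo pvmove "$pv" &&          # copy extents off the failing disk (resumable if interrupted)
    sudo vgreduce "$vg" "$pv" &&  # drop the PV from the VG once it holds no extents
    sudo pvremove "$pv"           # wipe the LVM label so the disk can be pulled
}
```

Because sdc1 carries all of backup_vl and one of storage_vl's three segments, the replacement PV must offer at least as many free extents as sdc1 has allocated; pvmove copies live, so /home and /bak can stay mounted, but a disk that is already throwing read errors should be imaged with ddrescue first if the data matters.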
5
Directory and Authentication / [SOLVED] File Sharing does not work
« on: March 28, 2019, 10:34:42 pm »
hello, on my domain controller I created a folder for wallpapers and added security policies so that some groups can only read and other groups with higher permissions can read and write.
it does not give me permission to read or write.
/etc/samba/smb.conf
Code:
administrator@servidor:~$ cat /etc/samba/smb.conf
[global]
workgroup = savidoca
realm = SAVIDOCA.COM
netbios name = servidor
server string = Zentyal Server
server role = dc
server role check:inhibit = yes
server services = -dns
server signing = auto
dsdb:schema update allowed = yes
ldap server require strong auth = no
drs:max object sync = 1200
idmap_ldb:use rfc2307 = yes
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/%U
rpc server dynamic port range = 49152-65535
interfaces = lo,eth2
bind interfaces only = yes
map to guest = Bad User
log level = 3
log file = /var/log/samba/samba.log
max log size = 100000
include = /etc/samba/shares.conf
[netlogon]
path = /var/lib/samba/sysvol/savidoca.com/scripts
browseable = no
read only = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = no
/etc/samba/shares.conf
Code:
administrator@servidor:~$ cat /etc/samba/shares.conf
[homes]
comment = User directories
path = /home/%S
read only = no
browseable = no
create mask = 0611
directory mask = 0711
vfs objects = acl_xattr full_audit
full_audit:success = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
# Shares
[wallpapers]
comment = wallpapers
path = /home/samba/shares/wallpapers
browseable = yes
force create mode = 0660
force directory mode = 0660
valid users = @"cybers", @"vendedores", @"gerentes", @"tech"
read list = @"cybers", @"vendedores"
write list = @"gerentes", @"tech"
admin users =
vfs objects = acl_xattr full_audit
full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
/home/samba/shares/wallpapers
Code:
administrator@servidor:~$ ls -la /home/samba/shares
total 16
drwxrwx---+ 3 root SAVIDOCA\domain users 4096 Mar 25 11:15 .
drwxrwx---+ 4 root SAVIDOCA\domain users 4096 Mar 2 12:51 ..
drwxrwx---+ 2 administrator adm 4096 Mar 25 11:15 wallpapers
administrator@servidor:~$ ls -la /home/samba/shares/wallpapers
total 12
drwxrwx---+ 2 administrator adm 4096 Mar 25 11:15 .
drwxrwx---+ 3 root SAVIDOCA\domain users 4096 Mar 25 11:15 ..
Code:
administrator@servidor:~$ getfacl /home/samba/shares/wallpapers
getfacl: Removing leading '/' from absolute path names
# file: home/samba/shares/wallpapers
# owner: administrator
# group: adm
user::rwx
user:administrator:rwx
group::rwx
group:adm:rwx
group:SAVIDOCA\134domain\040admins:rwx
mask::rwx
other::---
default:user::rwx
default:user:administrator:rwx
default:group::rwx
default:group:adm:rwx
default:group:SAVIDOCA\134domain\040admins:rwx
default:mask::rwx
default:other::---
will it be some permission of the folder?
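What the getfacl output above shows is that only administrator, the adm group and SAVIDOCA\domain admins have any rights on the directory and other is ---, so a member of cybers, vendedores, gerentes or tech is refused by the kernel before Samba's read list / write list are consulted. The following is an added example, not from the original post, that grants those groups POSIX ACLs on the share directory: reader groups get r-x (the x bit is what lets them enter the directory), writer groups get rwx, and matching default ACLs are set so files Samba creates later inherit them. It assumes winbind's default DOMAIN\group naming as seen in the getfacl output and the share path from smb.conf.

```shell
#!/bin/sh
# Added example (not from the original post): grant the share's groups access
# on the filesystem, since the directory's ACL only covers administrator, adm
# and "domain admins". Group names use winbind's "DOMAIN\group" form, as seen
# in the getfacl output; DOMAIN and the share path come from the post.

DOMAIN=${DOMAIN:-SAVIDOCA}
SHARE=${SHARE:-/home/samba/shares/wallpapers}

# Build a setfacl spec: readers get r-x (x is needed to enter a directory),
# writers get rwx. $1 = space-separated reader groups, $2 = writer groups.
acl_spec() {
    spec=""
    for g in $1; do spec="${spec}${spec:+,}g:${DOMAIN}\\${g}:r-x"; done
    for g in $2; do spec="${spec}${spec:+,}g:${DOMAIN}\\${g}:rwx"; done
    printf '%s' "$spec"
}

# Apply the spec as an access ACL on everything under the share (recursively)
# and as a default ACL on every directory (inherited by files Samba creates
# later), then show the result. Needs root; not run unless called.
apply_share_acl() {   # $1 = readers, $2 = writers
    spec=$(acl_spec "$1" "$2")
    sudo setfacl -R -m "$spec" "$SHARE"
    sudo find "$SHARE" -type d -exec setfacl -d -m "$spec" {} +
    getfacl "$SHARE"
}

if [ "${1:-}" = "apply" ]; then
    apply_share_acl "cybers vendedores" "gerentes tech"
fi
```

After `sh share-acl.sh apply`, `getfacl /home/samba/shares/wallpapers` should list a `group:SAVIDOCA\cybers:r-x` style entry for each group and the same entries under `default:`; if `setfacl` reports an invalid group, the name is not resolvable through NSS/winbind and `getent group 'SAVIDOCA\cybers'` is the thing to check first.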
6
Directory and Authentication / [Help] Domain controller, ports exposed to the Internet?
« on: March 18, 2019, 08:49:17 pm »
Greetings to Zentyal team.
I find the following doubt.
I have Zentyal Server 6.0 with the modules: domain controller, dns, network, dhcp, firewall, IPS, authority certificate, ftp, ntp and registry.
But the domain controller is not a gateway, I use another UTM solution as a firewall for my network.
my domain controller is "*.com" and I wanted to know which ports should be exposed to the Internet?
Code:
tcp 0 0 192.168.1.2:135 0.0.0.0:* LISTEN 3269/samba
tcp 0 0 127.0.1.1:135 0.0.0.0:* LISTEN 3269/samba
tcp 0 0 127.0.0.1:135 0.0.0.0:* LISTEN 3269/samba
tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 3273/smbd
tcp 0 0 127.0.1.1:139 0.0.0.0:* LISTEN 3273/smbd
tcp 0 0 192.168.1.2:139 0.0.0.0:* LISTEN 3273/smbd
tcp 0 0 192.168.1.2:464 0.0.0.0:* LISTEN 3276/samba
tcp 0 0 127.0.1.1:464 0.0.0.0:* LISTEN 3276/samba
tcp 0 0 127.0.0.1:464 0.0.0.0:* LISTEN 3276/samba
tcp 0 0 172.16.251.1:53 0.0.0.0:* LISTEN 2569/named
tcp 0 0 172.16.14.1:53 0.0.0.0:* LISTEN 2569/named
tcp 0 0 192.168.1.2:53 0.0.0.0:* LISTEN 2569/named
tcp 0 0 201.210.227.42:53 0.0.0.0:* LISTEN 2569/named
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 2569/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2569/named
tcp 0 0 192.168.1.2:88 0.0.0.0:* LISTEN 3276/samba
tcp 0 0 127.0.1.1:88 0.0.0.0:* LISTEN 3276/samba
tcp 0 0 127.0.0.1:88 0.0.0.0:* LISTEN 3276/samba
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2569/named
tcp 0 0 192.168.1.2:636 0.0.0.0:* LISTEN 3274/samba
tcp 0 0 127.0.1.1:636 0.0.0.0:* LISTEN 3274/samba
tcp 0 0 127.0.0.1:636 0.0.0.0:* LISTEN 3274/samba
tcp 0 0 127.0.0.1:445 0.0.0.0:* LISTEN 3273/smbd
tcp 0 0 127.0.1.1:445 0.0.0.0:* LISTEN 3273/smbd
tcp 0 0 192.168.1.2:445 0.0.0.0:* LISTEN 3273/smbd
tcp 0 0 192.168.1.2:49152 0.0.0.0:* LISTEN 3269/samba
tcp 0 0 127.0.1.1:49152 0.0.0.0:* LISTEN 3269/samba
tcp 0 0 127.0.0.1:49152 0.0.0.0:* LISTEN 3269/samba
tcp 0 0 192.168.1.2:49153 0.0.0.0:* LISTEN 3269/samba
tcp 0 0 127.0.1.1:49153 0.0.0.0:* LISTEN 3269/samba
tcp 0 0 127.0.0.1:49153 0.0.0.0:* LISTEN 3269/samba
tcp 0 0 192.168.1.2:49154 0.0.0.0:* LISTEN 3269/samba
tcp 0 0 127.0.1.1:49154 0.0.0.0:* LISTEN 3269/samba
tcp 0 0 127.0.0.1:49154 0.0.0.0:* LISTEN 3269/samba
tcp 0 0 192.168.1.2:3268 0.0.0.0:* LISTEN 3274/samba
tcp 0 0 127.0.1.1:3268 0.0.0.0:* LISTEN 3274/samba
tcp 0 0 127.0.0.1:3268 0.0.0.0:* LISTEN 3274/samba
tcp 0 0 192.168.1.2:3269 0.0.0.0:* LISTEN 3274/samba
tcp 0 0 192.168.1.2:389 0.0.0.0:* LISTEN 3274/samba
tcp 0 0 127.0.1.1:3269 0.0.0.0:* LISTEN 3274/samba
tcp 0 0 127.0.1.1:389 0.0.0.0:* LISTEN 3274/samba
tcp 0 0 127.0.0.1:3269 0.0.0.0:* LISTEN 3274/samba
tcp 0 0 127.0.0.1:389 0.0.0.0:* LISTEN 3274/samba
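For an AD DC, none of the ports in that list (Kerberos 88/464, LDAP 389/636 and the global catalog on 3268/3269, SMB 139/445, the RPC endpoint mapper on 135 with its 49152-49154 dynamic range, DNS 53) should be reachable from the Internet; the practical question is whether any of them is bound to a public address, and the listing above shows named on 201.210.227.42:53, which is not a private address. The script below is an added example rather than anything from the original post: it reads netstat -tlnp style lines and reports every listener bound outside loopback and RFC 1918 space (a 0.0.0.0 bind is reported too, since it covers every interface). The sample lines are constructed from the output in the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit listening sockets and flag
# any bound to a non-loopback, non-private IPv4 address. Input lines are
# constructed from the netstat output in the post (netstat -tlnp format).

SAMPLE_NETSTAT='tcp 0 0 192.168.1.2:88 0.0.0.0:* LISTEN 3276/samba
tcp 0 0 127.0.0.1:88 0.0.0.0:* LISTEN 3276/samba
tcp 0 0 172.16.14.1:53 0.0.0.0:* LISTEN 2569/named
tcp 0 0 201.210.227.42:53 0.0.0.0:* LISTEN 2569/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2569/named
tcp 0 0 192.168.1.2:389 0.0.0.0:* LISTEN 3274/samba
tcp 0 0 192.168.1.2:445 0.0.0.0:* LISTEN 3273/smbd'

# True for loopback and RFC 1918 IPv4 addresses.
is_private() {
    case $1 in
        127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "addr:port program" for every LISTEN socket whose bind address is not
# private. 0.0.0.0 (and IPv6 :::) binds are reported too, since they include
# every interface.
public_listeners() {   # $1 = netstat -tlnp style text
    printf '%s\n' "$1" | while read -r proto recvq sendq laddr faddr state prog; do
        [ "$state" = LISTEN ] || continue
        addr=${laddr%:*}
        if ! is_private "$addr"; then
            printf '%s %s\n' "$laddr" "$prog"
        fi
    done
}

# Name the AD service behind a port (the well-known ports visible in the post).
port_service() {
    case $1 in
        53) echo dns ;; 88) echo kerberos ;; 135) echo msrpc ;;
        139|445) echo smb ;; 389|636) echo ldap ;; 464) echo kpasswd ;;
        3268|3269) echo global-catalog ;; 49152|49153|49154) echo rpc-dynamic ;;
        *) echo unknown ;;
    esac
}

# Live run on the DC: skip netstat's two header lines and audit the rest.
audit_live() {
    public_listeners "$(sudo netstat -tlnp 2>/dev/null | awk 'NR>2')"
}
```

On the post's machine `audit_live` prints `201.210.227.42:53 2569/named`; if that address is the box's own public interface, restricting named with `listen-on` to the internal addresses (or a firewall rule on the UTM) is the fix, and nothing else in the list needs a hole in the UTM.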
7
Spanish / [Help] I need to move the Zentyal 5.0 domain controller to another Zentyal 6.0
« on: January 27, 2019, 09:29:18 pm »
Hello, good afternoon.
I need to move the Active Directory domain controller from Zentyal 5.0 to another Zentyal 6.0 server.
Does anyone know what the procedure is?
8
Directory and Authentication / Problems installing any graphical interface after installing AD-DC module.
« on: January 21, 2019, 06:23:50 am »
Hello to the zentyal team and its users.
I have spent several months trying to find the solution to this problem, which happens when installing the graphical interface of zenbuntu-desktop or ubuntu-desktop itself: the screen is stuck in a login loop when I try to enter my desktop. When I log in, the screen turns black and soon after the login screen reappears.
I took on the job of doing several tests until I found the problem: it modified the following files.
After installing the module: Active Directory Domain Controller.
It modifies the files:
/etc/pam.d/common-account
/etc/pam.d/common-auth
/etc/pam.d/common-password
/etc/pam.d/common-session
/etc/pam.d/common-session-noninteractive
Code:
administrator@servidor:~$ diff /etc/pam.d/common-account.backup /etc/pam.d/common-account
16,19c16,20
< # here are the per-package modules (the "Primary" block)
< account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
< # here's the fallback if no module succeeds
< account requisite pam_deny.so
---
> # pre_auth-client-config # # here are the per-package modules (the "Primary" block)
> # pre_auth-client-config # account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
> # pre_auth-client-config # account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so
> # pre_auth-client-config # # here's the fallback if no module succeeds
> # pre_auth-client-config # account requisite pam_deny.so
23,25c24,30
< account required pam_permit.so
< # and here are more per-package modules (the "Additional" block)
< # end of pam-auth-update config
---
> # pre_auth-client-config # account required pam_permit.so
> # pre_auth-client-config # # and here are more per-package modules (the "Additional" block)
> # pre_auth-client-config # # end of pam-auth-update config
> account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
> account requisite pam_deny.so
> account required pam_permit.so
> account sufficient pam_localuser.so
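Review bot: the rewritten stack at the bottom of this hunk has no winbind line (`pam_winbind.so` survives only in the commented `# pre_auth-client-config #` block), so an account that exists only in the domain is rejected at `account requisite pam_deny.so` once `pam_unix.so` returns unknown-user and is ignored by `default=ignore`. `account sufficient pam_localuser.so` adds nothing where it sits: for local users the result is already decided by `pam_permit.so` above it, and for domain users the stack has already stopped at pam_deny. If domain logins are wanted, restore `account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so` between the pam_unix and pam_deny lines and raise pam_unix to `success=2`, as in the commented version.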
Code:
administrator@servidor:~$ diff /etc/pam.d/common-auth.backup /etc/pam.d/common-auth
16,19c16,20
< # here are the per-package modules (the "Primary" block)
< auth [success=1 default=ignore] pam_unix.so nullok_secure
< # here's the fallback if no module succeeds
< auth requisite pam_deny.so
---
> # pre_auth-client-config # # here are the per-package modules (the "Primary" block)
> # pre_auth-client-config # auth [success=2 default=ignore] pam_unix.so nullok_secure
> # pre_auth-client-config # auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
> # pre_auth-client-config # # here's the fallback if no module succeeds
> # pre_auth-client-config # auth requisite pam_deny.so
23,26c24,31
< auth required pam_permit.so
< # and here are more per-package modules (the "Additional" block)
< auth optional pam_cap.so
< # end of pam-auth-update config
---
> # pre_auth-client-config # auth required pam_permit.so
> # pre_auth-client-config # # and here are more per-package modules (the "Additional" block)
> # pre_auth-client-config # auth optional pam_cap.so
> # pre_auth-client-config # # end of pam-auth-update config
> auth [success=1 default=ignore] pam_unix.so nullok_secure
> auth requisite pam_deny.so
> auth required pam_permit.so
> auth optional pam_cap.so
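Review bot: same pattern in the auth stack: `pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass` exists only commented out, so `pam_unix.so nullok_secure` is the only primary module and domain users cannot authenticate locally at all. If that is deliberate (local-only logins on the DC), the commented block is dead weight and should be removed; otherwise restore the winbind line and bump pam_unix to `success=2` so a local-user success still skips both winbind and pam_deny.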
Code:
administrator@servidor:~$ diff /etc/pam.d/common-password.backup /etc/pam.d/common-password
24,27c24,29
< # here are the per-package modules (the "Primary" block)
< password [success=1 default=ignore] pam_unix.so obscure sha512
< # here's the fallback if no module succeeds
< password requisite pam_deny.so
---
> # pre_auth-client-config # # here are the per-package modules (the "Primary" block)
> # pre_auth-client-config # password requisite pam_pwquality.so retry=3
> # pre_auth-client-config # password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
> # pre_auth-client-config # password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
> # pre_auth-client-config # # here's the fallback if no module succeeds
> # pre_auth-client-config # password requisite pam_deny.so
31,34c33,40
< password required pam_permit.so
< # and here are more per-package modules (the "Additional" block)
< password optional pam_gnome_keyring.so
< # end of pam-auth-update config
---
> # pre_auth-client-config # password required pam_permit.so
> # pre_auth-client-config # # and here are more per-package modules (the "Additional" block)
> # pre_auth-client-config # password optional pam_gnome_keyring.so
> # pre_auth-client-config # # end of pam-auth-update config
> password requisite pam_pwquality.so retry=3
> password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
> password requisite pam_deny.so
> password required pam_permit.so
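Review bot: `pam_unix.so` keeps `[success=2 default=ignore]` although the `pam_winbind.so` line it used to jump over is gone; a success now skips both `pam_deny.so` and `pam_permit.so` and falls off the end of the stack, which works as written but would silently skip any module appended after pam_permit later. `success=1` matches the stack that is actually there. Separately, `password optional pam_gnome_keyring.so` was dropped from the Additional block, so on a desktop install the keyring password no longer follows a password change.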
Code:
administrator@servidor:~$ diff /etc/pam.d/common-session.backup /etc/pam.d/common-session
15,18c15,18
< # here are the per-package modules (the "Primary" block)
< session [default=1] pam_permit.so
< # here's the fallback if no module succeeds
< session requisite pam_deny.so
---
> # pre_auth-client-config # # here are the per-package modules (the "Primary" block)
> # pre_auth-client-config # session [default=1] pam_permit.so
> # pre_auth-client-config # # here's the fallback if no module succeeds
> # pre_auth-client-config # session requisite pam_deny.so
22c22
< session required pam_permit.so
---
> # pre_auth-client-config # session required pam_permit.so
27,31c27,38
< session optional pam_umask.so
< # and here are more per-package modules (the "Additional" block)
< session required pam_unix.so
< session optional pam_systemd.so
< # end of pam-auth-update config
---
> # pre_auth-client-config # session optional pam_umask.so
> # pre_auth-client-config # # and here are more per-package modules (the "Additional" block)
> # pre_auth-client-config # session required pam_unix.so
> # pre_auth-client-config # session optional pam_winbind.so
> # pre_auth-client-config # session optional pam_systemd.so
> # pre_auth-client-config # # end of pam-auth-update config
> session [default=1] pam_permit.so
> session requisite pam_deny.so
> session required pam_permit.so
> session optional pam_umask.so
> session required pam_unix.so
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
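Review bot: the rewritten session stack drops `session optional pam_systemd.so`, which is present in both the backup and the commented block. Without it no logind session is registered at login (no XDG_RUNTIME_DIR, no seat), and a GNOME/GDM session generally depends on that, so this is the most likely reason the desktop falls straight back to the greeter; restore the line after `pam_unix.so`. `pam_mkhomedir.so skel=/etc/skel/ umask=0077` as `required` is a sensible addition for first logins, but with pam_winbind commented out in the auth and account stacks it will never see a domain user.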
Code:
administrator@servidor:~$ diff /etc/pam.d/common-session-noninteractive.backup /etc/pam.d/common-session-noninteractive
29a30
> session optional pam_winbind.so
9
Spanish / [Solution] Power outages, initramfs error
« on: September 08, 2018, 11:31:16 pm »
Hello, this happened to me yesterday, with the constant power outages, since the battery of my server's UPS had expired.
When booting the Ubuntu operating system under Zentyal, it stopped at the (initramfs) error.
To repair it, run the following command:
fsck /dev/mapper/<hostname>--<LVMgroup-root> -y
since my disk is partitioned with LVM.
My hostname is: SERVIDOR
My LVM group is vg_servidor
My LVM volume where the operating system lives is: root
Code:
# run at the (initramfs) prompt; -y answers yes to every repair fsck proposes
fsck /dev/mapper/SERVIDOR--vg_servidor-root -y
reboot
I hope this helps those who are starting out.
10
Spanish / [Development] Bash script Samba-AD-DC Bind9_DLZ backend
« on: August 15, 2018, 07:36:33 am »
Description: Bash script as an alternative for building a Samba Active Directory domain controller with the Bind9_DLZ DNS backend on Ubuntu Server 18.04 LTS.
Note: Under development, for testing only; do not try to use it in a production environment.
First let's identify the network interfaces:
Code:
ip -o link show | awk -F': ' '{print $2}'
result:
Code:
lo
enp4s0
enp4s1
enp6s0
wlp5s0
edit /etc/netplan/01-netcfg.yaml to configure the network adapters; the name of each adapter may be different on your machine.
example:
Code:
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
version: 2
renderer: networkd
ethernets:
enp6s0:
dhcp4: no
addresses: [192.168.1.2/24]
gateway4: 192.168.1.1
nameservers:
search: [savidoca.com]
addresses: [192.168.1.1,192.168.1.2]
enp4s0:
dhcp4: yes
dhcp6: yes
enp4s1:
dhcp4: yes
dhcp6: yes
wlp5s0:
dhcp4: yes
dhcp6: yes
apply the changes
Code:
sudo netplan apply
It is under development.
Samba-ad-dc_DNS-Backend.sh
pastebin: https://pastebin.com/LK6vfKpT
Code:
#!/bin/bash
# Author: John Llewelyn
# Description: Install Samba Active Directory Domain Controller with the Bind9_DLZ DNS backend
echo 'Set the root password'
# Note: this enables direct root logins; consider leaving root locked and using sudo.
sudo passwd root
clear
read -p 'Enter the host name, e.g. [ servidor ]: ' hostname
clear
read -p 'Enter the domain name, e.g. [ savidoca.com ]: ' domain
clear
read -p 'Enter the workgroup name, e.g. [ SAVIDOCA ]: ' workgroup
clear
read -p 'Enter your network address, e.g. [ 192.168.1.0/24 ]: ' network
clear
read -p 'Enter your network broadcast address, e.g. [ 192.168.1.255 ]: ' broadcast
clear
read -p 'Enter the IP address of the AD DC, e.g. [ 192.168.1.2 ]: ' ipaddress
clear
read -p 'Enter the IP address of your gateway, e.g. [ 192.168.1.1 ]: ' gw
clear
read -p 'Enter the reverse address of your AD DC, e.g. [ 1.168.192 ]: ' reverse
clear
read -p 'Enter the DNS forwarder addresses for your AD DC, e.g. [ 8.8.8.8;8.8.4.4; ] ' forwarders
clear
read -sp 'Enter the password for AD: ' password
clear
echo "your host name is: $hostname"
echo "the domain name is: $domain"
echo "your workgroup name is: $workgroup"
echo "your network is: $network"
echo "your network broadcast is: $broadcast"
echo "the IP address of your AD DC is: $ipaddress"
echo "the IP address of your gateway is: $gw"
echo "the reverse address of your domain is: $reverse.in-addr.arpa."
echo "the DNS forwarder addresses are: $forwarders"
read -p "Are you sure these details are correct? [y/N] " -n 1 -r
echo # move to a new line
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
exit 1
fi
clear
# hostname, resolvconf, hosts, acl, attr settings
sudo hostnamectl set-hostname "$hostname"
# The original wrote these files with sudo bash -c '...' in single quotes, so the
# variables were never expanded; pipe the expanded text through tee instead.
printf 'nameserver %s\ndomain %s\n' "$ipaddress" "$domain" | sudo tee /etc/resolvconf/resolv.conf.d/tail >/dev/null
sudo chmod 644 /etc/resolvconf/resolv.conf.d/tail
sudo resolvconf -u
# The FQDN goes first after the address so that `hostname -f` returns it, which
# samba-tool domain provision expects.
sudo tee /etc/hosts >/dev/null <<EOF
127.0.0.1 localhost localhost.localdomain
$ipaddress $hostname.$domain $hostname
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
EOF
# Add user_xattr,acl,barrier=1 to the root filesystem's mount options (Samba needs ACLs and xattrs)
sudo sed -i.old -r '/[ \t]\/[ \t]/{s/(ext4[\t ]*)([^\t ]*)/\1\2,user_xattr,acl,barrier=1/}' /etc/fstab
sudo mount -a -o remount,rw /
# Installing samba, krb5, winbind, bind9, chrony, openssl
sudo apt install acl attr samba smbclient winbind libpam-winbind libnss-winbind krb5-user krb5-config krb5-locales bind9 bind9utils bind9-doc binutils ldb-tools chrony openssl isc-dhcp-server -y
# Preparando Servicio samba-ad-dc
sudo systemctl stop samba-ad-dc.service smbd.service nmbd.service winbind.service
sudo systemctl disable samba-ad-dc.service smbd.service nmbd.service winbind.service
sudo systemctl unmask samba-ad-dc
sudo rm -f /etc/samba/smb.conf
sudo rm -f /var/run/samba/*.[t,l]db
sudo rm -f /var/lib/samba/*.[t,l]db
sudo rm -f /var/cache/samba/*.[t,l]db
sudo rm -f /var/lib/samba/private/*.[t,l]db
sudo rm -r /var/lib/samba/sysvol/*
# provisionando ad-dc
sudo samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ --realm=$domain --domain=$workgroup --function-level=2008_R2 --adminpass=$password
# Ajustes krb5.conf
sudo rm -f /etc/krb5.conf
sudo ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf
sudo sed -i "/dns_lookup_kdc = true/a \ rdns = no" /var/lib/samba/private/krb5.conf
# Ajustes smb.conf
sudo sed -i "/[global]/a security = auto" /etc/samba/smb.conf
sudo sed -i "/security = auto/a allow dns updates = secure only" /etc/samba/smb.conf
sudo sed -ri 's/server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate/server services = -dns/g' /etc/samba/smb.conf
sudo sed -i "/workgroup = $workgroup/a /n# dns forwarder = $ipaddress" /etc/samba/smb.conf
sudo sed -i "/dns forwarder = /a # interfaces = " /etc/samba/smb.conf
sudo sed -i "/interfaces = /a # bind interfaces only = yes" /etc/samba/smb.conf
sudo sed -i "/idmap_ldb:use rfc2307 = yes/a n\ # Default idmap config for local BUILTIN accounts and groups\n idmap config * : backend = tdb\n idmap config * : range = 3000-7999" /etc/samba/smb.conf
sudo sed -i "/idmap config * : range = /a n\ # idmap config for the $workgroup domain\n idmap config $workgroup:backend = ad\n idmap config $workgroup:schema_mode = rfc2307\n idmap config $workgroup:range = 10000-999999" /etc/samba/smb.conf
sudo sed -i "/idmap config $workgroup:range = /a n\ idmap config $workgroup: unix_nss_info = yes\n idmap config $workgroup: unix_primary_group = yes" /etc/samba/smb.conf
sudo sed -i "/unix_primary_group = /a n\ # Template settings for login shell and home directory\n template shell = /bin/bash\n template homedir = /home/%U" /etc/samba/smb.conf
sudo sed -i "/template homedir/a n\ winbind enum users = yes\n winbind enum groups = yes\n winbind use default domain = yes\n winbind use default domain = yes\n winbind offline logon = no\n winbind cache time = 300\n winbind nss info = rfc2307" /etc/samba/smb.conf
sudo sed -i "/winbind nss info = /a n\ server signing = auto\n# server role check:inhibit = yes\n# dsdb:schema update allowed = yes\n# drs:max object sync = 1200\n# kernel share modes = yes\n# client use spnego = yes\n# client NTLMv2 auth = yes\n# client min protocol = SMB2\n# client max protocol = SMB3\n# server min protocol = SMB2\n# server max protocol = SMB3\n restrict anonymous = 2\n map to guest = Never" /etc/samba/smb.conf
sudo sed -i "/map to guest/a n\log level = 3" /etc/samba/smb.conf
sudo sed -i "/log level/a log file = /var/log/samba/samba.log" /etc/samba/smb.conf
sudo sed -i "/log file/a max log size = 100000" /etc/samba/smb.conf
sudo sed -i "/max log size/a \n# Configuring LDAP over SSL (LDAPS)\ntls enabled = yes\ntls keyfile = tls/samba.key\ntls certfile = tls/samba.crt\ntls cafile = " /etc/samba/smb.conf
sudo sed -i "/tls cafile/a n\# printing = CUPS" /etc/samba/smb.conf
sudo sed -i "/printing = /a n\# include = /etc/samba/shares.conf\n# include = /etc/samba/profiles.conf\n# include = /etc/samba/printers.conf" /etc/samba/smb.conf
# Incompleto falta modificar 1 linea.
# Roaming Windows User Profiles
sudo bash -c 'echo -e "[profiles]\n comment = Users profiles\n path = /srv/samba/profiles/\n browseable = No\n read only = No\n force create mode = 0600\n force directory mode = 0700\n csc policy = disable\n store dos attributes = yes\n vfs objects = acl_xattr" >> /etc/samba/profiles.conf'
sudo mkdir -p /srv/samba/profiles/
sudo chgrp -R "Domain Users" /srv/samba/profiles/
sudo chmod 1750 /srv/samba/profiles/
# Creando /etc/samba/shares.conf
sudo bash -c 'echo -e "[homes]\n comment = Directorios de usuario\n path = /home/%S\n read only = no\n browseable = no\n create mask = 0611\n directory mask = 0711\n vfs objects = acl_xattr full_audit\n full_audit:success = connect opendir disconnect unlink mkdir rmdir open rename\n full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename" >> /etc/samba/shares.conf'
# Creando /etc/samba/printers.conf
sudo bash -c 'echo -e "[printers]\n path = /var/spool/samba/\n printable = yes" >> /etc/samba/printers.conf'
mkdir -p /var/spool/samba/
chmod 1777 /var/spool/samba/
# smbcontrol all reload-config
# Ajustes windbind , PAM
sudo sed -ri 's/passwd: compat systemd/passwd: compat winbind/g' /etc/nsswitch.conf
sudo sed -ri 's/group: compat systemd/group: compat winbind/g' /etc/nsswitch.conf
sudo sed -ri 's/dns myhostname/dns mdns/g' /etc/nsswitch.conf
# sudo sed -ri 's/pam_winbind.so use_authtok try_first_pass/pam_winbind.so try_first_pass/g' /etc/pam.d/common-password
sudo pam-auth-update
# Ajustes Bind9
sudo wget -q -O /etc/bind/db.root http://www.internic.net/zones/named.root
sudo wget -q -O /etc/bind/bind.keys https://ftp.isc.org/isc/bind9/keys/9.11/bind.keys.v9_11
sudo bash -c 'echo -e "include \"/var/lib/samba/private/named.conf\";" >> /etc/bind/named.conf'
sudo bash -c 'echo -e "include \"/etc/bind/named.conf.logging\";" >> /etc/bind/named.conf'
sudo bash -c 'echo -e "include \"/etc/bind/rndc.key\";" >> /etc/bind/named.conf'
sudo bash -c 'echo -e "include \"/etc/bind/rndc.conf\";" >> /etc/bind/named.conf'
sudo bash -c 'echo -e "controls {\n inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };\n};" >> /etc/bind/rndc.conf'
sudo chgrp bind /var/lib/samba/private/dns.keytab
sudo chmod g+r /var/lib/samba/private/dns.keytab
sudo rndc-confgen -a
sudo chown root:bind /etc/bind/rndc.key
sudo chmod 640 /etc/bind/rndc.key
sudo sed -i "/directory/a \ sortlist {\n { $network ;{ $network ; };};\n };" /etc/bind/named.conf.options
sudo cp -b /etc/bind/db.local /var/lib/bind/db.$reverse
sudo chown bind:bind /var/lib/bind/db.$reverse
sudo chmod 640 /var/lib/bind/db.$reverse
sudo sed -ri 's/RESOLVCONF=no/RESOLVCONF=yes/g' /etc/default/bind9
sudo bash -c 'echo -e "acl "trusted" {\n localhost;\n localnets;\n};\n\nacl "internal-local-nets" {\n $network;\n};\n" >> /etc/bind/named.conf.local'
sudo bash -c 'echo -e "zone "$reverse.in-addr.arpa" {\n type master;\n file \"/var/lib/bind/db.$reverse\";\n update-policy {\n // The only allowed dynamic updates are PTR records\n grant $domain. subdomain $reverse.in-addr.arpa. PTR TXT;\n // Grant from localhost\n grant local-ddns zonesub any;\n };\n};\n" >> /etc/bind/named.conf.local'
sudo sed -i "/directory/a \ cleaning-interval 1440;\n max-cache-ttl 2419200;\n max-ncache-ttl 86400;\n max-cache-size unlimited;\n stacksize unlimited;\n datasize unlimited;\n coresize unlimited;\n \n listen-on { any; };" /etc/bind/named.conf.options
sudo sed -i "/listen-on-v6/a \ allow-query { any; };\n allow-recursion { trusted; };\n allow-query-cache { trusted; };\n allow-transfer { none; };\n notify no;" /etc/bind/named.conf.options
sudo sed -i "/dnssec-validation/a \ #dnssec-lookaside auto;" /etc/bind/named.conf.options
sudo sed -i 's[// forwarders[forwarders[g' /etc/bind/named.conf.options
sudo sed -i "s[// \t0.0.0.0;[ $forwarders[g" /etc/bind/named.conf.options
sudo sed -i "s[// };[};[g" /etc/bind/named.conf.options
sudo sed -i "/listen-on-v6/a \ tkey-gssapi-keytab\"/var/lib/samba/private/dns.keytab\";" /etc/bind/named.conf.options
sudo sed -i "/tkey-gssapi-keytab/i \ // DNS dynamic updates via Kerberos "/var/lib/samba/private/dns.keytab";" /etc/bind/named.conf.options
sudo sed -i "/notify no/a \ empty-zones-enable no;" /etc/bind/named.conf.options
sudo sed -i 's[//include[include[g' /etc/bind/named.conf.local
sudo bash -c 'echo -e "# Samba4 DLZ and Active Directory Zones (default source installation)\n/usr/lib/x86_64-linux-gnu/ldb/** rwmk,\n/usr/lib/x86_64-linux-gnu/samba/** rwmk,\n/var/lib/samba/** rm,\n/var/lib/samba/private/dns/** rwmk,\n/etc/samba/smb.conf r,\n/var/lib/samba/private/named.conf r,\n/var/lib/samba/private/dns.keytab r,\n/etc/bind/rndc.key r,\n/var/tmp/** rwmk,\n/dev/urandom rw,\n/var/log/bind/** rw," >> /etc/apparmor.d/local/usr.sbin.named'
sudo bash -c 'echo -e "logging {\n channel update_debug {\n file \"/var/log/update_debug.log\" versions 3 size 100k;\n severity debug;\n print-severity yes;\n print-time yes;\n };\n channel security_info {\n file \"/var/log/security_info.log\" versions 1 size 100k;\n severity info;\n print-severity yes;\n print-time yes;\n };\n channel bind_log {\n file \"/var/log/bind.log\" versions 3 size 1m;\n severity info;\n print-category yes;\n print-severity yes;\n print-time yes;\n };\n\n category default { bind_log; };\n category lame-servers { null; };\n category update { update_debug; };\n category update-security { update_debug; };\n category security { security_info; };\n};" >> /etc/bind/named.conf.logging'
sudo mkdir -p /var/log/bind
sudo chown -R bind:root /var/log/bind
sudo chmod -R 775 /var/log/bind
# Ajustes NTP
sudo bash -c 'echo -e "# samba4 ntp signing socket\n/var/lib/samba/ntp_signd/socket rw," >> /etc/apparmor.d/local/usr.sbin.chronyd'
sudo install -d /var/lib/samba/ntp_signd
sudo chown root:_chrony /var/lib/samba/ntp_signd
sudo chmod 750 /var/lib/samba/ntp_signd
sudo sed -ri 's/pool ntp.ubuntu.com iburst maxsources 4/server 0.south-america.pool.ntp.org iburst/g' /etc/chrony/chrony.conf
sudo sed -ri 's/pool 0.ubuntu.pool.ntp.org iburst maxsources 1/server 1.south-america.pool.ntp.org iburst/g' /etc/chrony/chrony.conf
sudo sed -ri 's/pool 1.ubuntu.pool.ntp.org iburst maxsources 1/server 2.south-america.pool.ntp.org iburst/g' /etc/chrony/chrony.conf
sudo sed -ri 's/pool 2.ubuntu.pool.ntp.org iburst maxsources 2/server 3.south-america.pool.ntp.org iburst/g' /etc/chrony/chrony.conf
sudo bash -c 'echo -e "# This directive tells 'chronyd' to parse the 'adjtime' file to find out if the\n# real-time clock keeps local time or UTC. It overrides the 'rtconutc' directive.\nhwclockfile /etc/adjtime" >> /etc/chrony/chrony.conf'
sudo bash -c 'echo -e "bindcmdaddress $ipaddress" >> /etc/chrony/chrony.conf'
sudo bash -c 'echo -e "broadcast 60 $broadcast" >> /etc/chrony/chrony.conf'
sudo bash -c 'echo -e "allow $network" >> /etc/chrony/chrony.conf'
sudo bash -c 'echo -e "ntpsigndsocket /var/lib/samba/ntp_signd" >> /etc/chrony/chrony.conf'
sudo timedatectl set-local-rtc 1
# Certificado autofirmado
sudo rm -f /var/lib/samba/private/tls/cert.pem
sudo rm -f /var/lib/samba/private/tls/key.pem
sudo rm -f /var/lib/samba/private/tls/ca.pem
# sudo openssl req -newkey rsa:2048 -keyout /var/lib/samba/private/tls/samba.key -nodes -x509 -days 365 -out /var/lib/samba/private/tls/samba.crt
# sudo chmod 600 /var/lib/samba/private/tls/samba.key
# Certificado de confianza
sudo openssl genrsa -out /var/lib/samba/private/tls/samba.key 2048
sudo openssl req -new -key /var/lib/samba/private/tls/samba.key -out /var/lib/samba/private/tls/samba.csr
sudo openssl x509 -req -days 365 -in /var/lib/samba/private/tls/samba.csr -signkey /var/lib/samba/private/tls/samba.key -out /var/lib/samba/private/tls/samba.crt
sudo chmod 600 /var/lib/samba/private/tls/samba.key
sudo systemctl start samba-ad-dc
sudo systemctl enable samba-ad-dc
sudo systemctl daemon-reload
sudo systemctl reload apparmor
sudo systemctl restart systemd-networkd
sudo systemctl restart systemd-resolved
sudo systemctl restart bind9
sudo systemctl restart chrony
kinit administrator@$domain
sudo samba-tool group addmembers DnsAdmins dns-$hostname
sudo samba-tool user setpassword administrator
sudo samba-tool user setexpiry administrator --noexpiry
sudo samba-tool domain passwordsettings set --complexity=on
sudo samba-tool domain passwordsettings set --store-plaintext=off
sudo samba-tool domain passwordsettings set --history-length=0
sudo samba-tool domain passwordsettings set --min-pwd-age=0
sudo samba-tool domain passwordsettings set --max-pwd-age=0
sudo samba-tool domain passwordsettings set --min-pwd-length=7
sudo samba-tool domain passwordsettings set --account-lockout-duration=30
sudo samba-tool domain passwordsettings set --account-lockout-threshold=0
sudo samba-tool domain passwordsettings set --reset-account-lockout-after=30
# Configurando DHCP Server
sudo samba-tool user create dhcpduser --description="Unprivileged user for TSIG-GSSAPI DNS updates via ISC DHCP server" --random-password
sudo samba-tool user setexpiry dhcpduser --noexpiry
sudo samba-tool group addmembers DnsAdmins dhcpduser
sudo samba-tool domain exportkeytab --principal=dhcpduser@$domain /etc/isc-dhcp-server/dhcpduser.keytab
# incompleto en desarrollo
exit 0
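The script above only echoes the answers back before it wipes the previous provision and splices them, unquoted, into smb.conf, named.conf and a dozen sed expressions. The following is an added example, not part of the posted script: POSIX sh validators for each prompted field, a helper that derives the in-addr.arpa label from the /24 instead of asking the user to type it, and a check that the DC and gateway addresses sit inside that network. Function names and the sample values are assumptions chosen to match the script's own prompt examples.

```shell
#!/bin/sh
# Added example, not part of the posted script: validate the interactive
# answers before they are spliced into smb.conf, named.conf and rm/sed calls.
# Function names and the sample values used below are assumptions.

# Dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# A /24 in CIDR form with a zero host part, e.g. 192.168.1.0/24. Only /24 is
# handled, which is what the script's "1.168.192" reverse prompt implies.
valid_cidr24() {
    case $1 in
        *.0/24) valid_ipv4 "${1%/24}" ;;
        *)      return 1 ;;
    esac
}

# in-addr.arpa label for a /24: 192.168.1.0/24 -> 1.168.192
reverse_label() {
    old_ifs=$IFS; IFS=.
    set -- ${1%/24}
    IFS=$old_ifs
    printf '%s.%s.%s\n' "$3" "$2" "$1"
}

# DNS name: two or more labels of letters, digits and hyphens, no label
# starting or ending with a hyphen, alphabetic top-level label.
valid_domain() {
    printf '%s\n' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# NetBIOS domain name: 1-15 characters, no spaces or separators, because the
# script interpolates it into sed expressions and smb.conf keys unquoted.
valid_workgroup() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9_-]{0,14}$'
}

# Forwarders in the exact shape the script splices into named.conf.options:
# one or more IPv4 addresses, each terminated by ";", e.g. "8.8.8.8;8.8.4.4;".
valid_forwarders() {
    case $1 in *\;) ;; *) return 1 ;; esac
    old_ifs=$IFS; IFS=';'
    set -- $1
    IFS=$old_ifs
    [ $# -ge 1 ] || return 1
    for fwd in "$@"; do
        valid_ipv4 "$fwd" || return 1
    done
    return 0
}

# Validate one full set of answers. Prints "ok", or the name of the first
# field that failed, and returns 1 on failure.
# Arguments: domain workgroup network dc_ip gateway forwarders
check_answers() {
    valid_domain     "$1" || { echo domain;     return 1; }
    valid_workgroup  "$2" || { echo workgroup;  return 1; }
    valid_cidr24     "$3" || { echo network;    return 1; }
    valid_ipv4       "$4" || { echo ipaddress;  return 1; }
    valid_ipv4       "$5" || { echo gateway;    return 1; }
    valid_forwarders "$6" || { echo forwarders; return 1; }
    # The DC and the gateway must live inside the /24 being provisioned.
    prefix=${3%.*}
    [ "${4%.*}" = "$prefix" ] || { echo "ipaddress not in network"; return 1; }
    [ "${5%.*}" = "$prefix" ] || { echo "gateway not in network";   return 1; }
    echo ok
}

# Sample run with the constructed values from the script's prompt examples.
check_answers savidoca.com SAVIDOCA 192.168.1.0/24 192.168.1.2 192.168.1.1 '8.8.8.8;8.8.4.4;'
reverse_label 192.168.1.0/24
```

In the script this would replace the "Are these values correct?" step: call `check_answers` with the six answers, and refuse to continue (or re-prompt) unless it prints `ok`; `reverse_label "$network"` then yields the `$reverse` value without a separate prompt.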
11
Spanish / [Help] Bash script for automated installation of an AD DC with DNS backend
« on: July 29, 2018, 01:55:55 am »
Hello, greetings to the Zentyal community.
Using this space to ask for help: I am writing a bash script that automates the installation of an Active Directory with SMB/CIFS, CUPS, a Windows Server 2012_R2 functional forest and tree, a primary domain controller and a slave DNS backend with MySQL support, so that it can be installed easily on several Ubuntu Server 16.04 LTS servers and the packages update automatically without breaking the installation.
Another script to make it easy to add many users with their respective organizational units and groups.
The idea is for those of us who deal with medium and large companies.
The problem is that there are many guides, but they install in different ways, and others are incomplete.
What I need is concrete information to build up a bash script, so that in the end it is perfect and shared with you.
The bash script must be interactive: it asks for the configuration data and then installs and configures all the services.
Zentyal could also use the script to improve the product.
I need guides on the correct way to:
Install Samba
Install Bind
Install MySQL Server
Install DHCP Server
Install NTP Server
Install TFTP Server
Configure the AD DC server with SMB/CIFS, CUPS and DNS backend with DLZ and MySQL support
Firewall and permissions.
I have a machine on which I am going to run tests.
12
Directory and Authentication / Error restarting DNS service
« on: July 16, 2018, 05:09:15 pm »
I have had this error for some time, since I updated from version 5.0 to 5.1.
Every so often I lose connectivity with the Active Directory, and the computers lose access to the shared folders and cannot log in to the domain.
After looking into it, the problem is that I have to restart the server completely. I try restarting the DNS service and it is not possible.
Code:
Command output: .
Exit value: 1
2018/07/16 10:58:12 ERROR> Service.pm:967 EBox::Module::Service::restartService - root command nsupdate -g -t 10 /var/lib/zentyal/tmp/UUoao5tSs8 failed.
2018/07/16 10:58:12 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of DNS from dashboard failed: root command nsupdate -g -t 10 /var/lib/zentyal/tmp/UUoao5tSs8 failed.
Error output: ; Communication with 127.0.1.1#53 failed: timed out
dns_request_createvia3: address family not supported
Command output: .
Exit value: 1
Code:
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Drop-In: /run/systemd/generator/bind9.service.d
└─50-insserv.conf-$named.conf
Active: active (running) since lun 2018-07-16 10:58:01 -04; 1h 30min ago
Docs: man:named(8)
Process: 12593 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
Main PID: 12600 (named)
Tasks: 7
Memory: 45.8M
CPU: 17.304s
CGroup: /system.slice/bind9.service
└─12600 /usr/sbin/named -f -u bind -4
jul 16 11:43:55 servidor named[12600]: client 192.168.1.105#60346: update 'savidoca.com/IN' denied
jul 16 11:43:55 servidor named[12600]: samba_dlz: cancelling transaction on zone savidoca.com
jul 16 11:46:19 servidor named[12600]: samba_dlz: starting transaction on zone savidoca.com
jul 16 11:46:19 servidor named[12600]: client 192.168.1.111#65288: update 'savidoca.com/IN' denied
jul 16 11:46:19 servidor named[12600]: samba_dlz: cancelling transaction on zone savidoca.com
jul 16 11:46:19 servidor named[12600]: samba_dlz: starting transaction on zone savidoca.com
jul 16 11:46:19 servidor named[12600]: samba_dlz: disallowing update of signer=M11\$\@SAVIDOCA.COM name=M11.savidoca.com type=
jul 16 11:46:19 servidor named[12600]: client 192.168.1.111#57933/key M11\$\@SAVIDOCA.COM: updating zone 'savidoca.com/NONE':
jul 16 11:46:19 servidor named[12600]: samba_dlz: cancelling transaction on zone savidoca.com
Code:
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Drop-In: /run/systemd/generator/bind9.service.d
└─50-insserv.conf-$named.conf
Active: active (running) since lun 2018-07-16 18:06:00 -04; 16min ago
Docs: man:named(8)
Process: 11040 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
Main PID: 11048 (named)
Tasks: 7
Memory: 51.1M
CPU: 2.915s
CGroup: /system.slice/bind9.service
└─11048 /usr/sbin/named -f -u bind -4
jul 16 18:07:46 servidor named[11048]: client 192.168.1.108#58217/key M08\$\@SAVIDOCA.COM: updating zone 'savidoca.com/NONE': adding an RR at 'M08.savidoca.com' A 192.168.1.108
jul 16 18:07:46 servidor named[11048]: samba_dlz: added rdataset M08.savidoca.com 'M08.savidoca.com. 1200 IN A 192.168.1.108'
jul 16 18:07:46 servidor named[11048]: samba_dlz: committed transaction on zone savidoca.com
jul 16 18:13:26 servidor named[11048]: samba_dlz: starting transaction on zone savidoca.com
jul 16 18:13:26 servidor named[11048]: client 192.168.1.111#55467: update 'savidoca.com/IN' denied
jul 16 18:13:26 servidor named[11048]: samba_dlz: cancelling transaction on zone savidoca.com
jul 16 18:13:26 servidor named[11048]: samba_dlz: starting transaction on zone savidoca.com
jul 16 18:13:26 servidor named[11048]: samba_dlz: disallowing update of signer=M11\$\@SAVIDOCA.COM name=M11.savidoca.com type=AAAA error=insufficient access rights
jul 16 18:13:26 servidor named[11048]: client 192.168.1.111#51058/key M11\$\@SAVIDOCA.COM: updating zone 'savidoca.com/NONE': update failed: rejected by secure update (REFUSED)
jul 16 18:13:26 servidor named[11048]: samba_dlz: cancelling transaction on zone savidoca.com
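The journal excerpts above mix two different rejections: "update 'savidoca.com/IN' denied" for clients whose update carried no key at all (no "/key" after the client address), and a signed update from M11$ that named refused with "insufficient access rights". The following is an added example, not from the original post: a small shell/awk summary that groups named's rejected dynamic updates by client and signer, run over constructed log lines shaped like the journalctl output shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post: group named's rejected dynamic
# updates by client and signer. The log lines below are constructed to match
# the journalctl format shown in the thread; they are not a real capture.

sample_log() {
cat <<'EOF'
jul 16 18:13:26 servidor named[11048]: samba_dlz: starting transaction on zone savidoca.com
jul 16 18:13:26 servidor named[11048]: client 192.168.1.111#55467: update 'savidoca.com/IN' denied
jul 16 18:13:26 servidor named[11048]: samba_dlz: cancelling transaction on zone savidoca.com
jul 16 18:13:26 servidor named[11048]: samba_dlz: disallowing update of signer=M11\$\@SAVIDOCA.COM name=M11.savidoca.com type=AAAA error=insufficient access rights
jul 16 18:13:26 servidor named[11048]: client 192.168.1.111#51058/key M11\$\@SAVIDOCA.COM: updating zone 'savidoca.com/NONE': update failed: rejected by secure update (REFUSED)
jul 16 18:07:46 servidor named[11048]: client 192.168.1.108#58217/key M08\$\@SAVIDOCA.COM: updating zone 'savidoca.com/NONE': adding an RR at 'M08.savidoca.com' A 192.168.1.108
jul 16 18:13:26 servidor named[11048]: client 192.168.1.105#60346: update 'savidoca.com/IN' denied
jul 16 18:13:27 servidor named[11048]: client 192.168.1.105#60347: update 'savidoca.com/IN' denied
EOF
}

# Reads named log lines on stdin and prints one line per (client, signer):
#   <ip> unsigned <count>            update arrived without a TSIG/GSS-TSIG key
#   <ip> signed:<principal> <count>  signed, but refused by the zone's ACL
# Unsigned attempts are what "allow dns updates = secure only" is meant to
# reject; a signed REFUSED means the key is valid but lacks rights on the name.
update_rejections() {
    awk '
        /update .* denied|update failed: rejected by secure update/ {
            tok = ""
            for (i = 1; i <= NF; i++) if ($i == "client") { tok = $(i + 1); break }
            ip = tok; sub(/#.*/, "", ip)
            if (tok ~ /\/key$/) {
                signer = $(i + 2); sub(/:$/, "", signer); gsub(/\\/, "", signer)
                key = ip " signed:" signer
            } else {
                key = ip " unsigned"
            }
            count[key]++
        }
        END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Only the clients that keep sending unsigned updates: typically hosts that are
# not joined, have the wrong DNS suffix, or a DHCP server registering names
# for them without a key.
unsigned_clients() {
    update_rejections | awk '$2 == "unsigned" { print $1 }'
}

sample_log | update_rejections
```

On a live DC the same functions take `journalctl -u bind9 --no-pager | update_rejections`; a client that shows up as `signed:` with a REFUSED count is the one to inspect with `samba-tool dns query` for the ownership of its A/AAAA record, while the `unsigned` list is the set of machines whose updates the "secure only" policy is correctly turning away.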
13
Other modules / There are missing options to the FTP module.
« on: May 22, 2018, 08:32:23 pm »
There are options missing from the FTP module, such as:
customizing the anonymous FTP directory path, to store it on other drives.
maximum download and upload speed allowed, maximum connections allowed for anonymous users.
settings such as FTP active mode or FTP passive mode.
FTP and FTPS settings.
14
Spanish / [Solution] Trust relationship error between our workstation and the DC
« on: May 15, 2018, 09:18:20 pm »
Hi friends, in case you run into the very frequent problem "The trust relationship between this workstation and the primary domain failed", here is the solution:
https://www.youtube.com/watch?v=oOdCK3RhksA
I also recommend reading this article:
https://theitbros.com/fix-trust-relationship-failed-without-domain-rejoining/
15
Directory and Authentication / [HELP] DNS Service
« on: April 16, 2018, 07:23:08 pm »
Hello friends from the Zentyal community.
I have a server with Zentyal 5.1.1
I have a new problem with DNS names.
I have a firewall server running the Kerio Control operating system with 2 network adapters, for Internet input and output, and another server within the Zentyal network with the IP address 192.168.1.2.
My Zentyal server is created with the name savidoca.com
My firewall server is called firewall.savidoca.com
I'm having a problem with the name; I do not know if this is serious, since the address www.tvfanb.mil.ve points to my DNS server and I do not know if the problem is with the military institution or something I did wrong.
http://www.tvfanb.mil.ve.ipaddress.com/