

Messages - jiAmnesiAc

1
After what seemed like about 100+ attempts to get SSO to work, I found the setup sequence that seems to work. I thought I would share. I have gotten this to work with both 3.0.22 and 3.1-1 Beta in an AD 2003 environment.
  • Install Zentyal
  • During setup/component selection install only the Network objects (configuration).
  • Configure network settings & start networking module - Interfaces, gateways, etc. Test to ensure you can reach the outside world (if you’re not using Zentyal as a gateway).
  • Update components & system - It worked without updating as well.
  • Install File Sharing & Domain Services including dependents.
  • Configure File Sharing & Start (including depends) - Ensure that users and groups sync. I let it sit for about an hour. I also checked my PDC (AD Sites & Services and System/Event logs) to make sure the replication settings were created and working properly.
  • At this point the Network, DNS, Events, Logs, NTP, Users and Groups and File Sharing modules were set up and running correctly.
  • Install the HTTP Proxy (Cache and Filter) – do not start it yet.
  • Set up a test filter with some Domains and URLs to allow/block and save. I’m using Zentyal to block all domains (for non-manager employees) except those on a whitelist, so I added one safe URL to the list to test.
  • Assign that test filter to an AD group using Access Rules and save.
  • Configure the Proxy general settings to enable SSO (Kerberos), save, and start the proxy module.
  • Sign on to a Windows client and configure IE to point to the new proxy using its hostname (e.g. zenserv) – The Zentyal documentation states that SSO will not function if you point to the IP address. If the client was already started, reboot.
  • Test – you should be able to start IE and reach the site on the safe/white list, and everything else should be blocked. If you see a logon prompt when IE starts, it more than likely did not work.
Hope that helps someone. Good luck!
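
A way to check the final Test step from the proxy side instead of watching for a logon prompt, as an added example that is not part of the original post. It assumes the proxy writes Squid's native access.log format; the sample lines, hosts, user and realm are constructed.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout (assumed format);
# client addresses, URLs, user and realm are made up for illustration.
SAMPLE_LOG = """\
1380000000.101      2 192.0.2.10 TCP_DENIED/407 3920 GET http://intranet.example.com/ - HIER_NONE/- text/html
1380000000.240     85 192.0.2.10 TCP_MISS/200 5120 GET http://intranet.example.com/ alice@EXAMPLE.LOCAL HIER_DIRECT/198.51.100.5 text/html
1380000003.512      1 192.0.2.10 TCP_DENIED/403 3800 GET http://blocked.example.net/ alice@EXAMPLE.LOCAL HIER_NONE/- text/html
1380000010.007      2 192.0.2.20 TCP_DENIED/407 3920 GET http://intranet.example.com/ - HIER_NONE/- text/html
1380000011.450      1 192.0.2.20 TCP_DENIED/407 3920 GET http://intranet.example.com/ - HIER_NONE/- text/html
"""

def summarize(log_text):
    """Per client IP: auth challenges seen, users identified, filter denials."""
    stats = defaultdict(lambda: {"challenges": 0, "users": set(), "blocked": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # skip truncated or foreign lines
        client, result, user = fields[2], fields[3], fields[7]
        status = result.rpartition("/")[2]
        entry = stats[client]
        if status == "407":
            entry["challenges"] += 1  # proxy asked the client for credentials
        elif user != "-":
            entry["users"].add(user)  # request carried an accepted identity
            if status == "403":
                entry["blocked"] += 1  # access rule denied an identified user
    return dict(stats)

def verdict(entry):
    # A single 407 is normal with Negotiate: the browser retries with a ticket.
    # 407s never followed by an identified request mean SSO is not working.
    if entry["users"]:
        return "sso-ok"
    if entry["challenges"]:
        return "sso-failing"
    return "no-data"

def report(log_text):
    return {client: verdict(e) for client, e in summarize(log_text).items()}

if __name__ == "__main__":
    for client, state in report(SAMPLE_LOG).items():
        print(client, state)
```

A client that shows only 407 lines and never a user name is the log-side equivalent of the logon prompt described in the last step.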

2
Greetings,

I’m attempting to configure Zentyal as an additional domain controller and am receiving the following error when starting the File Sharing module, “The domain you are trying to join has trust relationships defined. At the moment this is not supported by samba.”

Is there any way to configure Samba so that it ignores the trust and allows joining to the domain?

3
Anyone had any luck yet getting around this issue?

I ended up installing Zentyal 2.2 and have had no issues so far.

4
Wanted to add that I have been having this issue as well. I'm new to Zentyal and would like to use it for content filtering. When attempting to configure it as an additional domain controller I receive the same message "The server domain and Kerberos realm must match the domain you are trying to join." I, however, am using an internal domain that ends in .com.

Taking a look at the krb5.conf file (if that is the correct conf file) I see that the realm does in fact match the domain.
