Topics - JLLEWELYN

1
Installation and Upgrades / error updating zentyal-core
« on: August 04, 2020, 02:44:58 am »
I get this error in zentyal-core when updating the packages.
Code: [Select]
administrator@servidor:~$ sudo apt upgrade
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias
Leyendo la información de estado... Hecho
Calculando la actualización... Hecho
Los paquetes indicados a continuación se instalaron de forma automática y ya no son necesarios.
  libllvm9 linux-headers-4.15.0-111 linux-headers-4.15.0-111-generic
  linux-image-4.15.0-111-generic linux-modules-4.15.0-111-generic
  linux-modules-extra-4.15.0-111-generic
Utilice «sudo apt autoremove» para eliminarlos.
Se instalarán los siguientes paquetes NUEVOS:
  linux-headers-4.15.0-112 linux-headers-4.15.0-112-generic
  linux-image-4.15.0-112-generic linux-modules-4.15.0-112-generic
  linux-modules-extra-4.15.0-112-generic
Se actualizarán los siguientes paquetes:
  firefox grub-common grub-pc grub-pc-bin grub2-common libllvm10 libmysqlclient20
  librsvg2-2 librsvg2-common libseccomp2 linux-generic linux-headers-generic
  linux-image-generic linux-libc-dev mysql-server python3-apt python3-distupgrade
  ubuntu-release-upgrader-core zentyal-dhcp zentyal-dns zentyal-software
21 actualizados, 5 nuevos se instalarán, 0 para eliminar y 0 no actualizados.
16 no instalados del todo o eliminados.
Se necesita descargar 0 B/142 MB de archivos.
Se utilizarán 334 MB de espacio de disco adicional después de esta operación.
¿Desea continuar? [S/n] s
Preconfigurando paquetes ...
Configurando zentyal-core (6.1.6) ...
Connection DB Error: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
dpkg: error al procesar el paquete zentyal-core (--configure):
 installed zentyal-core package post-installation script subprocess returned error exit status 2
Se encontraron errores al procesar:
 zentyal-core
E: Sub-process /usr/bin/dpkg returned an error code (1)
administrator@servidor:~$ sudo zentyal-core --configure
sudo: zentyal-core: command not found

2
Installation and Upgrades / Zentyal update failed, not boot.
« on: July 20, 2020, 05:55:32 pm »
Zentyal update failed, it does not boot. Please, I need help.

https://photos.app.goo.gl/KgyNyBDZq9854URX6

3
Hello, greetings to the Zentyal team.
I have Zentyal 6.0 with an Ethernet adapter and a TP-LINK wireless adapter, model TL-WDN4800.
My Zentyal server only works as an Active Directory domain controller.

The Ethernet adapter, interface eth2, has the IP address 192.168.1.2 with mask 255.255.255.0.
I get internet through this adapter via the 192.168.1.1 gateway, which is a commercial UTM firewall.

The wireless adapter, interface wlan0, has the IP address 192.168.137.1 with mask 255.255.255.0.

/etc/network/interfaces
Code: [Select]
administrator@servidor:~$ cat /etc/network/interfaces
allow-hotplug lo eth2 wlan0

iface lo inet loopback

iface eth2 inet static
      address 192.168.1.2
      netmask 255.255.255.0
      broadcast 192.168.1.255
      offload-gro off
      offload-gso off
      offload-tso off

iface wlan0 inet static
      address 192.168.137.1
      netmask 255.255.255.0
      broadcast 192.168.137.255
      offload-gro off
      offload-gso off
      offload-tso off

The DHCP server delivers IP addresses to the 192.168.137.1 interface with a range of 192.168.137.100 to 192.168.137.254 with DNS 8.8.8.8 and 8.8.4.4.
/etc/dhcp/dhcpd.conf
Code: [Select]
shared-network wlan0 {

    subnet 192.168.137.0 netmask 255.255.255.0 {

        option routers 192.168.137.1;
        option domain-name-servers 8.8.8.8, 8.8.4.4;
        option ntp-servers 192.168.137.1;
        default-lease-time 1800;
        max-lease-time 7200;


        pool {



            next-server 192.168.137.1;

            range 192.168.137.100 192.168.137.254;
        }
    }

    group {
        option routers 192.168.137.1;
        option domain-name-servers 8.8.8.8, 8.8.4.4;
        option ntp-servers 192.168.137.1;
        default-lease-time 1800;
        max-lease-time 7200;


    }

}

/etc/default/hostapd
Code: [Select]
administrator@servidor:~$ cat /etc/default/hostapd
# Defaults for hostapd initscript
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
DAEMON_CONF="/etc/hostapd/hostapd.conf"

# Additional daemon options to be appended to hostapd command:-
#       -d   show more debug messages (-dd for even more)
#       -K   include key data in debug messages
#       -t   include timestamps in some debug messages
#
# Note that -B (daemon mode) and -P (pidfile) options are automatically
# configured by the init.d script and must not be added to DAEMON_OPTS.
#
#DAEMON_OPTS=""

We configure
/etc/hostapd/hostapd.conf
Code: [Select]
# hostapd configuration template for a generic 2.4 GHz Wi-Fi router in open mode for Venezuela
# /etc/hostapd/hostapd.conf
# PCI-E adapter TP-LINK TL-WDN4800 N900

#
# General hostapd options
#
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
interface=wlan0
#bridge=br0
driver=nl80211
#driver_params=
ssid=Internet Libre

#
# Regulatory settings for Venezuela
#
ieee80211d=1
country_code=VE
# Environment: indoor 0x49, outdoor 0x4f, all environments 0x20
#country3=0x49
#local_pwr_constraint=3
#spectrum_mgmt_required=1

#
# Security options
#
ignore_broadcast_ssid=0
disassoc_low_ack=1
wpa=0
macaddr_acl=0
deny_mac_file=/etc/hostapd/hostapd.deny

#
# IEEE 802.11 (b/g) band settings
#
hw_mode=g

#
# IEEE 802.11n (n) band settings
#
ieee80211n=1
require_ht=1
ht_capab=[LDPC][HT40-][HT40+][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-3839][DSSS_CCK-40][MAX-A-MPDU-LEN-EXP3]

#
# IEEE 802.11u-2011 settings
#
#interworking=1
#access_network_type=3
#internet = 1
#venue_group=2
#venue_type=0

#
# QoS
#
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0

#
# Advanced settings
#
channel=0
#acs_num_scans=5
#acs_chan_bias=1:0.8 6:0.8 11:0.8
#chanlist=1 6 11-13
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=-1
fragm_threshold=-1
#supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
#basic_rates=10 20
#basic_rates=10 20 55 110
#basic_rates=60 120 240
#beacon_rate=10
#preamble=1

#
# Logging
#
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2

Start test
Code: [Select]
sudo hostapd -dd /etc/hostapd/hostapd.conf
Ctrl+C (exit)

We create the service...
Code: [Select]
sudo systemctl unmask hostapd
sudo systemctl enable hostapd
sudo systemctl start hostapd
sudo systemctl status hostapd
● hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
   Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-04-27 15:19:56 -04; 21min ago
  Process: 18270 ExecStart=/usr/sbin/hostapd -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS)
 Main PID: 18271 (hostapd)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/hostapd.service
           └─18271 /usr/sbin/hostapd -P /run/hostapd.pid -B /etc/hostapd/hostapd.conf

abr 27 15:19:56 servidor systemd[1]: Starting Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator...
abr 27 15:19:56 servidor hostapd[18270]: Configuration file: /etc/hostapd/hostapd.conf
abr 27 15:19:56 servidor hostapd[18270]: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
abr 27 15:19:56 servidor hostapd[18270]: ACS: Automatic channel selection started, this may take a bit
abr 27 15:19:56 servidor hostapd[18270]: wlan0: interface state COUNTRY_UPDATE->ACS
abr 27 15:19:56 servidor hostapd[18270]: wlan0: ACS-STARTED
abr 27 15:19:56 servidor systemd[1]: Started Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.

I have hostapd installed and I already made my test configuration; mobile devices connect but do not have internet.

According to the guide I am reading, I must edit the configuration file /etc/sysctl.conf,
change: net.ipv4.ip_forward = 1
and save.
Then add the configuration to the firewall:
sudo iptables -t nat -A POSTROUTING -s 192.168.137.0/24 -o eth2 -j MASQUERADE

The problem is that this configuration is temporary, because Zentyal does not keep the change when it restarts.
How can I enable the Internet connection for wireless devices permanently?

4
Installation and Upgrades / [Help] remove hard drive that fails.
« on: April 19, 2019, 05:12:43 pm »
Greetings to the Zentyal team.
I have a problem with a hard drive installed in my Zentyal server. The hard drive is used as storage for the HOME partition, where I have many music files and programs for PDQ Deploy software installations, to share on the network. Last week I installed 2 new hard drives to extend the volume, but I did not notice that one of them is failing; it is also a different model.

Code: [Select]
administrator@servidor:~$ sudo lsscsi
[sudo] password for administrator:
[0:0:0:0]    disk    ATA      WDC WD5000AAKX-0 1H15  /dev/sda
[1:0:0:0]    disk    ATA      ST3750640NS      3CNR  /dev/sdb
[4:0:0:0]    disk    ATA      ST3750525AS      JC45  /dev/sdc
[5:0:0:0]    disk    ATA      ST3750640NS      3CNR  /dev/sdd
[6:0:0:0]    disk    Generic  STORAGE DEVICE   9833  /dev/sde

The problem is the ST3750525AS, device /dev/sdc.

I need to remove it without damaging the system. I made an attempt to remove it abruptly and Zentyal does not start.

Code: [Select]
administrator@servidor:~$ sudo lsblk -fm
NAME                       FSTYPE      LABEL  UUID                                   MOUNTPOINT   SIZE OWNER GROUP MODE
sda                                                                                             465,8G root  disk  brw-rw----
├─sda1                     ext2        BOOT   694c0d39-ca9e-47f6-8cc9-c3ae7d107986   /boot        1,9G root  disk  brw-rw----
├─sda2                     swap               a7585f9d-98c4-4aee-b970-14f95e0ee81a   [SWAP]         8G root  disk  brw-rw----
├─sda3                                                                                              1K root  disk  brw-rw----
└─sda5                     LVM2_member        a7FzEB-amue-MqwT-i571-qR1P-m85V-CyZ6cn            455,9G root  disk  brw-rw----
  ├─servidor_vg-root_vl    ext4        ROOT   565b1925-bb20-4a88-a765-56043b2828ee   /          176,5G root  disk  brw-rw----
  └─servidor_vg-srv_vl     ext4        SRV    17922afb-d5a6-467a-bc74-39853afff2a0   /srv       279,4G root  disk  brw-rw----
sdb                                                                                             698,7G root  disk  brw-rw----
└─sdb1                     LVM2_member        Erzj3X-1nuW-nDwi-SKEN-KYcC-VfEW-CtYc82            698,7G root  disk  brw-rw----
  └─servidor_vg-storage_vl ext4        HOME   803e8428-0ff1-45f5-bcc4-d0e9906797ec   /home          2T root  disk  brw-rw----
sdc                                                                                             698,7G root  disk  brw-rw----
└─sdc1                     LVM2_member        A2dleM-MmRA-FWOn-30iD-wHdf-g2u5-308tsn            698,7G root  disk  brw-rw----
  ├─servidor_vg-backup_vl  ext4        BACKUP 2a5b3339-b60b-4b8a-b8c5-1bc3e05eff86   /bak        46,7G root  disk  brw-rw----
  └─servidor_vg-storage_vl ext4        HOME   803e8428-0ff1-45f5-bcc4-d0e9906797ec   /home          2T root  disk  brw-rw----
sdd                                                                                             698,7G root  disk  brw-rw----
└─sdd1                     LVM2_member        2iY9uh-n3iA-Peg6-5u3L-oq5h-hS1d-RHwswE            698,7G root  disk  brw-rw----
  └─servidor_vg-storage_vl ext4        HOME   803e8428-0ff1-45f5-bcc4-d0e9906797ec   /home          2T root  disk  brw-rw----

Code: [Select]
administrator@servidor:~$ sudo lvdisplay
  --- Logical volume ---
  LV Path                /dev/servidor_vg/root_vl
  LV Name                root_vl
  VG Name                servidor_vg
  LV UUID                giYw25-XP8J-YXAn-wckO-D8ur-2WTh-eP0gNT
  LV Write Access        read/write
  LV Creation host, time servidor, 2019-03-01 17:37:21 -0400
  LV Status              available
  # open                 1
  LV Size                <176,49 GiB
  Current LE             45181
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:0

  --- Logical volume ---
  LV Path                /dev/servidor_vg/srv_vl
  LV Name                srv_vl
  VG Name                servidor_vg
  LV UUID                9BYX7s-CZRg-xYEg-FXmG-6pDa-uI9A-BI1GoF
  LV Write Access        read/write
  LV Creation host, time servidor, 2019-03-01 17:37:35 -0400
  LV Status              available
  # open                 1
  LV Size                <279,40 GiB
  Current LE             71526
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:1

  --- Logical volume ---
  LV Path                /dev/servidor_vg/backup_vl
  LV Name                backup_vl
  VG Name                servidor_vg
  LV UUID                kDHbDG-LZsx-qd78-a4QI-YHeW-ywJ1-fSP2aC
  LV Write Access        read/write
  LV Creation host, time servidor, 2019-03-01 17:39:25 -0400
  LV Status              available
  # open                 1
  LV Size                46,70 GiB
  Current LE             11956
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:2

  --- Logical volume ---
  LV Path                /dev/servidor_vg/storage_vl
  LV Name                storage_vl
  VG Name                servidor_vg
  LV UUID                Cjufl9-zSem-eSqA-m8Bk-RNHN-9r5R-L08pW2
  LV Write Access        read/write
  LV Creation host, time servidor, 2019-03-01 17:39:35 -0400
  LV Status              available
  # open                 1
  LV Size                2,00 TiB
  Current LE             524594
  Segments               3
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:3

Code: [Select]
administrator@servidor:~$ sudo vgdisplay
  --- Volume group ---
  VG Name               servidor_vg
  System ID
  Format                lvm2
  Metadata Areas        4
  Metadata Sequence No  9
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                4
  Open LV               4
  Max PV                0
  Cur PV                4
  Act PV                4
  VG Size               2,49 TiB
  PE Size               4,00 MiB
  Total PE              653257
  Alloc PE / Size       653257 / 2,49 TiB
  Free  PE / Size       0 / 0
  VG UUID               vBHTK9-fBf3-2N8d-k3qu-5rFL-9HZr-AiGkQ2

5
Directory and Authentication / [SOLVED] File Sharing does not work
« on: March 28, 2019, 10:34:42 pm »
Hello, on my domain controller I created a folder for wallpapers. I added security policies so that some groups can only read and other groups with higher permissions can read and write.

It does not give me permission to read or write.

/etc/samba/smb.conf
Code: [Select]
administrator@servidor:~$ cat /etc/samba/smb.conf
[global]
    workgroup = savidoca
    realm = SAVIDOCA.COM
    netbios name = servidor
    server string = Zentyal Server
    server role = dc
    server role check:inhibit = yes
    server services = -dns
    server signing = auto
    dsdb:schema update allowed = yes
    ldap server require strong auth = no
    drs:max object sync = 1200

    idmap_ldb:use rfc2307 = yes

    winbind enum users = yes
    winbind enum groups = yes
    template shell = /bin/bash
    template homedir = /home/%U

    rpc server dynamic port range = 49152-65535

    interfaces = lo,eth2
    bind interfaces only = yes

    map to guest = Bad User

    log level = 3
    log file = /var/log/samba/samba.log
    max log size = 100000



    include = /etc/samba/shares.conf




[netlogon]
    path = /var/lib/samba/sysvol/savidoca.com/scripts
    browseable = no
    read only = yes

[sysvol]
    path = /var/lib/samba/sysvol
    read only = no

/etc/samba/shares.conf
Code: [Select]
administrator@servidor:~$ cat /etc/samba/shares.conf
[homes]
    comment = Directorios de usuario
    path = /home/%S
    read only = no
    browseable = no
    create mask = 0611
    directory mask = 0711
    vfs objects = acl_xattr full_audit
    full_audit:success = connect opendir disconnect unlink mkdir rmdir open rename
    full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename

# Shares

[wallpapers]
    comment = fondos de pantalla
    path = /home/samba/shares/wallpapers
    browseable = yes
    force create mode = 0660
    force directory mode = 0660
    valid users = @"cybers", @"vendedores", @"gerentes", @"tech"
    read list = @"cybers", @"vendedores"
    write list = @"gerentes", @"tech"
    admin users =
    vfs objects = acl_xattr full_audit
    full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename


/home/samba/shares/wallpapers
Code: [Select]
administrator@servidor:~$ ls -la /home/samba/shares
total 16
drwxrwx---+ 3 root          SAVIDOCA\domain users 4096 mar 25 11:15 .
drwxrwx---+ 4 root          SAVIDOCA\domain users 4096 mar  2 12:51 ..
drwxrwx---+ 2 administrator adm                   4096 mar 25 11:15 wallpapers
administrator@servidor:~$ ls -la /home/samba/shares/wallpapers
total 12
drwxrwx---+ 2 administrator adm                   4096 mar 25 11:15 .
drwxrwx---+ 3 root          SAVIDOCA\domain users 4096 mar 25 11:15 ..

Code: [Select]
administrator@servidor:~$ getfacl /home/samba/shares/wallpapers
getfacl: Removing leading '/' from absolute path names
# file: home/samba/shares/wallpapers
# owner: administrator
# group: adm
user::rwx
user:administrator:rwx
group::rwx
group:adm:rwx
group:SAVIDOCA\134domain\040admins:rwx
mask::rwx
other::---
default:user::rwx
default:user:administrator:rwx
default:group::rwx
default:group:adm:rwx
default:group:SAVIDOCA\134domain\040admins:rwx
default:mask::rwx
default:other::---

Could it be some permission on the folder?
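
Added example, not part of the original post: a Python cross-check of the [wallpapers] share against the getfacl output above, reporting what the directory's POSIX ACL grants to each group named in valid users. The inputs are copied from the post; dropping the DOMAIN\ prefix when matching group names, and treating members of these groups as belonging to no other group on the ACL, are assumptions of this example.

```python
import re

# Inputs copied from the shares.conf and getfacl output in the post.
SHARE_CONF = '''
[wallpapers]
    path = /home/samba/shares/wallpapers
    valid users = @"cybers", @"vendedores", @"gerentes", @"tech"
    read list = @"cybers", @"vendedores"
    write list = @"gerentes", @"tech"
'''

GETFACL = r'''
# file: home/samba/shares/wallpapers
# owner: administrator
# group: adm
user::rwx
user:administrator:rwx
group::rwx
group:adm:rwx
group:SAVIDOCA\134domain\040admins:rwx
mask::rwx
other::---
default:group:adm:rwx
'''

LIST_OPTIONS = ("valid users", "read list", "write list")


def parse_share(text):
    """Return {option: [group names]} for the user-list options of a share."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in LIST_OPTIONS:
            # In smb.conf user lists, @name or @"name" refers to a group.
            found = re.findall(r'@"?([^",]+)"?', value)
            opts[key.strip()] = [g.strip().lower() for g in found]
    return opts


def unescape(name):
    """getfacl writes special characters as octal escapes (\\134 is a backslash)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)


def parse_getfacl(text):
    """Return (named group entries, mask, other) from the access ACL."""
    groups, mask, other = {}, "rwx", "---"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and "#effective:"
        if not line or line.startswith("default:"):
            continue
        tag, rest = line.split(":", 1)
        qualifier, perms = rest.rsplit(":", 1)
        if tag == "group" and qualifier:
            # Assumption: a single domain, so the DOMAIN\ prefix is dropped.
            groups[unescape(qualifier).split("\\")[-1].lower()] = perms
        elif tag == "mask":
            mask = perms
        elif tag == "other":
            other = perms
    return groups, mask, other


def effective(perms, mask):
    """Named-group permissions are limited by the ACL mask."""
    return "".join(p if m != "-" else "-" for p, m in zip(perms, mask))


def audit(share_text, acl_text):
    """Report, per group in 'valid users', what the directory ACL grants."""
    share = parse_share(share_text)
    groups, mask, other = parse_getfacl(acl_text)
    report = {}
    for group in share.get("valid users", []):
        wants = "rwx" if group in share.get("write list", []) else "r-x"
        if group in groups:
            source, has = "acl", effective(groups[group], mask)
        else:
            # Assumption: members are in no other group listed on the ACL,
            # so the kernel falls through to the other:: entry.
            source, has = "other", other
        ok = all(h == w for h, w in zip(has, wants) if w != "-")
        report[group] = {"wants": wants, "has": has, "source": source, "ok": ok}
    return report


if __name__ == "__main__":
    for name, row in audit(SHARE_CONF, GETFACL).items():
        verdict = "ok" if row["ok"] else "not granted by the filesystem"
        print(f"{name:12} wants {row['wants']} has {row['has']} "
              f"({row['source']}) -> {verdict}")
```

The share-level lists and the filesystem ACL are evaluated separately, so a group that passes valid users still needs a matching entry on the directory.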

6
Greetings to the Zentyal team.
I have the following question.
I have Zentyal Server 6.0 with the modules: domain controller, dns, network, dhcp, firewall, IPS, authority certificate, ftp, ntp and registry.

But the domain controller is not a gateway; I use another UTM solution as a firewall for my network.

My domain controller is "* .com" and I wanted to know what port should be exposed to the Internet.

Code: [Select]
tcp        0      0 192.168.1.2:135         0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 127.0.1.1:135           0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 127.0.0.1:135           0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 127.0.0.1:139           0.0.0.0:*               LISTEN      3273/smbd
tcp        0      0 127.0.1.1:139           0.0.0.0:*               LISTEN      3273/smbd
tcp        0      0 192.168.1.2:139         0.0.0.0:*               LISTEN      3273/smbd
tcp        0      0 192.168.1.2:464         0.0.0.0:*               LISTEN      3276/samba
tcp        0      0 127.0.1.1:464           0.0.0.0:*               LISTEN      3276/samba
tcp        0      0 127.0.0.1:464           0.0.0.0:*               LISTEN      3276/samba
tcp        0      0 172.16.251.1:53         0.0.0.0:*               LISTEN      2569/named
tcp        0      0 172.16.14.1:53          0.0.0.0:*               LISTEN      2569/named
tcp        0      0 192.168.1.2:53          0.0.0.0:*               LISTEN      2569/named
tcp        0      0 201.210.227.42:53       0.0.0.0:*               LISTEN      2569/named
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      2569/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2569/named
tcp        0      0 192.168.1.2:88          0.0.0.0:*               LISTEN      3276/samba
tcp        0      0 127.0.1.1:88            0.0.0.0:*               LISTEN      3276/samba
tcp        0      0 127.0.0.1:88            0.0.0.0:*               LISTEN      3276/samba
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2569/named
tcp        0      0 192.168.1.2:636         0.0.0.0:*               LISTEN      3274/samba
tcp        0      0 127.0.1.1:636           0.0.0.0:*               LISTEN      3274/samba
tcp        0      0 127.0.0.1:636           0.0.0.0:*               LISTEN      3274/samba
tcp        0      0 127.0.0.1:445           0.0.0.0:*               LISTEN      3273/smbd
tcp        0      0 127.0.1.1:445           0.0.0.0:*               LISTEN      3273/smbd
tcp        0      0 192.168.1.2:445         0.0.0.0:*               LISTEN      3273/smbd
tcp        0      0 192.168.1.2:49152       0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 127.0.1.1:49152         0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 127.0.0.1:49152         0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 192.168.1.2:49153       0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 127.0.1.1:49153         0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 127.0.0.1:49153         0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 192.168.1.2:49154       0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 127.0.1.1:49154         0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 127.0.0.1:49154         0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 192.168.1.2:3268        0.0.0.0:*               LISTEN      3274/samba
tcp        0      0 127.0.1.1:3268          0.0.0.0:*               LISTEN      3274/samba
tcp        0      0 127.0.0.1:3268          0.0.0.0:*               LISTEN      3274/samba
tcp        0      0 192.168.1.2:3269        0.0.0.0:*               LISTEN      3274/samba
tcp        0      0 192.168.1.2:389         0.0.0.0:*               LISTEN      3274/samba
tcp        0      0 127.0.1.1:3269          0.0.0.0:*               LISTEN      3274/samba
tcp        0      0 127.0.1.1:389           0.0.0.0:*               LISTEN      3274/samba
tcp        0      0 127.0.0.1:3269          0.0.0.0:*               LISTEN      3274/samba
tcp        0      0 127.0.0.1:389           0.0.0.0:*               LISTEN      3274/samba
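
Added example, not part of the original post: a Python pass over LISTEN rows like the ones above that groups them by port and classifies each bind address as loopback, private or public, so it is visible which services already listen on an Internet-routable address. The sample rows are a subset copied from the listing; the scope names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the netstat listing in the post (a subset of it).
NETSTAT = """\
tcp        0      0 192.168.1.2:135         0.0.0.0:*               LISTEN      3269/samba
tcp        0      0 127.0.0.1:445           0.0.0.0:*               LISTEN      3273/smbd
tcp        0      0 127.0.1.1:445           0.0.0.0:*               LISTEN      3273/smbd
tcp        0      0 192.168.1.2:445         0.0.0.0:*               LISTEN      3273/smbd
tcp        0      0 172.16.251.1:53         0.0.0.0:*               LISTEN      2569/named
tcp        0      0 192.168.1.2:53          0.0.0.0:*               LISTEN      2569/named
tcp        0      0 201.210.227.42:53       0.0.0.0:*               LISTEN      2569/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2569/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2569/named
tcp        0      0 192.168.1.2:389         0.0.0.0:*               LISTEN      3274/samba
tcp        0      0 192.168.1.2:88          0.0.0.0:*               LISTEN      3276/samba
"""


def parse_listeners(text):
    """Return [(ip, port, program)] for every LISTEN row of netstat -tlnp output."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[5] != "LISTEN":
            continue
        # rpartition keeps IPv6 addresses such as "::" intact.
        addr, _, port = fields[3].rpartition(":")
        # The PID/program column is absent when netstat runs unprivileged.
        prog = fields[6].partition("/")[2] if len(fields) > 6 else "?"
        rows.append((ipaddress.ip_address(addr), int(port), prog))
    return rows


def scope(ip):
    """Classify a bind address by how far it is reachable."""
    if ip.is_unspecified:      # 0.0.0.0 or :: binds every interface
        return "all-interfaces"
    if ip.is_loopback:         # 127.0.0.0/8 (includes 127.0.1.1) and ::1
        return "loopback"
    if ip.is_private:          # RFC 1918 and similar non-routable ranges
        return "private"
    return "public"


def exposure(text):
    """Map (port, program) -> sorted list of scopes it is bound to."""
    seen = defaultdict(set)
    for ip, port, prog in parse_listeners(text):
        seen[(port, prog)].add(scope(ip))
    return {key: sorted(scopes) for key, scopes in seen.items()}


def public_listeners(text):
    """Listeners bound to a routable address or to every interface."""
    return sorted(
        (port, prog, str(ip))
        for ip, port, prog in parse_listeners(text)
        if scope(ip) in ("public", "all-interfaces")
    )


if __name__ == "__main__":
    for (port, prog), scopes in sorted(exposure(NETSTAT).items()):
        print(f"{port:>5}/tcp {prog:6} {', '.join(scopes)}")
    print("bound to a public address:", public_listeners(NETSTAT))
```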

7
Hello, good afternoon.
I need to move the Active Directory Domain Controller from Zentyal 5.0 to another Zentyal 6.0 server.

Does anyone know what the procedure is?

8
Hello to the Zentyal team and its users.
I have spent several months trying to find the solution to this problem, which appears when installing the graphical interface zenbuntu-desktop or ubuntu-desktop: the screen is stuck in a login loop when I try to enter my desktop. When I log in, the screen turns black and soon after the login screen reappears.

I did several tests until I found the problem: the following files were modified.
After installing the module Active Directory Domain Controller,
it modifies the files:
/etc/pam.d/common-account
/etc/pam.d/common-auth
/etc/pam.d/common-password
/etc/pam.d/common-session
/etc/pam.d/common-session-noninteractive


Code: [Select]
administrator@servidor:~$ diff /etc/pam.d/common-account.backup /etc/pam.d/common-account
16,19c16,20
< # here are the per-package modules (the "Primary" block)
< account       [success=1 new_authtok_reqd=done default=ignore]        pam_unix.so
< # here's the fallback if no module succeeds
< account       requisite                       pam_deny.so
---
> # pre_auth-client-config # # here are the per-package modules (the "Primary" block)
> # pre_auth-client-config # account    [success=2 new_authtok_reqd=done default=ignore]        pam_unix.so
> # pre_auth-client-config # account    [success=1 new_authtok_reqd=done default=ignore]        pam_winbind.so
> # pre_auth-client-config # # here's the fallback if no module succeeds
> # pre_auth-client-config # account    requisite                       pam_deny.so
23,25c24,30
< account       required                        pam_permit.so
< # and here are more per-package modules (the "Additional" block)
< # end of pam-auth-update config
---
> # pre_auth-client-config # account    required                        pam_permit.so
> # pre_auth-client-config # # and here are more per-package modules (the "Additional" block)
> # pre_auth-client-config # # end of pam-auth-update config
> account [success=1 new_authtok_reqd=done default=ignore]    pam_unix.so
> account requisite           pam_deny.so
> account required            pam_permit.so
> account sufficient          pam_localuser.so
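Review bot: the last added line, "account sufficient pam_localuser.so", comes after "account requisite pam_deny.so" and "account required pam_permit.so", so as the final entry of the stack it has nothing left to short-circuit. If the intent is to let local accounts skip a directory lookup, it belongs before the module it is meant to bypass. None of the active lines added here call pam_winbind.so; that entry survives only in the commented pre_auth-client-config block, which is worth confirming as intended.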

Code: [Select]
administrator@servidor:~$ diff /etc/pam.d/common-auth.backup /etc/pam.d/common-auth
16,19c16,20
< # here are the per-package modules (the "Primary" block)
< auth  [success=1 default=ignore]      pam_unix.so nullok_secure
< # here's the fallback if no module succeeds
< auth  requisite                       pam_deny.so
---
> # pre_auth-client-config # # here are the per-package modules (the "Primary" block)
> # pre_auth-client-config # auth       [success=2 default=ignore]      pam_unix.so nullok_secure
> # pre_auth-client-config # auth       [success=1 default=ignore]      pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
> # pre_auth-client-config # # here's the fallback if no module succeeds
> # pre_auth-client-config # auth       requisite                       pam_deny.so
23,26c24,31
< auth  required                        pam_permit.so
< # and here are more per-package modules (the "Additional" block)
< auth  optional                        pam_cap.so
< # end of pam-auth-update config
---
> # pre_auth-client-config # auth       required                        pam_permit.so
> # pre_auth-client-config # # and here are more per-package modules (the "Additional" block)
> # pre_auth-client-config # auth       optional                        pam_cap.so
> # pre_auth-client-config # # end of pam-auth-update config
> auth    [success=1 default=ignore]  pam_unix.so nullok_secure
> auth    requisite           pam_deny.so
> auth    required            pam_permit.so
> auth    optional            pam_cap.so

Code: [Select]
administrator@servidor:~$ diff /etc/pam.d/common-password.backup /etc/pam.d/common-password
24,27c24,29
< # here are the per-package modules (the "Primary" block)
< password      [success=1 default=ignore]      pam_unix.so obscure sha512
< # here's the fallback if no module succeeds
< password      requisite                       pam_deny.so
---
> # pre_auth-client-config # # here are the per-package modules (the "Primary" block)
> # pre_auth-client-config # password   requisite                       pam_pwquality.so retry=3
> # pre_auth-client-config # password   [success=2 default=ignore]      pam_unix.so obscure use_authtok try_first_pass sha512
> # pre_auth-client-config # password   [success=1 default=ignore]      pam_winbind.so use_authtok try_first_pass
> # pre_auth-client-config # # here's the fallback if no module succeeds
> # pre_auth-client-config # password   requisite                       pam_deny.so
31,34c33,40
< password      required                        pam_permit.so
< # and here are more per-package modules (the "Additional" block)
< password      optional        pam_gnome_keyring.so
< # end of pam-auth-update config
---
> # pre_auth-client-config # password   required                        pam_permit.so
> # pre_auth-client-config # # and here are more per-package modules (the "Additional" block)
> # pre_auth-client-config # password   optional        pam_gnome_keyring.so
> # pre_auth-client-config # # end of pam-auth-update config
> password requisite                   pam_pwquality.so retry=3
> password [success=2 default=ignore]  pam_unix.so obscure use_authtok try_first_pass sha512
> password requisite                   pam_deny.so
> password required                    pam_permit.so
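Review bot: the jump count on the added "password [success=2 default=ignore] pam_unix.so ..." line looks stale. In the commented-out version, success=2 stepped over pam_winbind.so and pam_deny.so to land on pam_permit.so; the active lines added here have no pam_winbind.so entry, so success=2 now steps over both pam_deny.so and pam_permit.so. With only pam_deny.so left to skip, success=1 would match what the common-auth and common-account changes use. pam_gnome_keyring.so also remains only as a comment.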

Code: [Select]
administrator@servidor:~$ diff /etc/pam.d/common-session.backup /etc/pam.d/common-session
15,18c15,18
< # here are the per-package modules (the "Primary" block)
< session       [default=1]                     pam_permit.so
< # here's the fallback if no module succeeds
< session       requisite                       pam_deny.so
---
> # pre_auth-client-config # # here are the per-package modules (the "Primary" block)
> # pre_auth-client-config # session    [default=1]                     pam_permit.so
> # pre_auth-client-config # # here's the fallback if no module succeeds
> # pre_auth-client-config # session    requisite                       pam_deny.so
22c22
< session       required                        pam_permit.so
---
> # pre_auth-client-config # session    required                        pam_permit.so
27,31c27,38
< session optional                      pam_umask.so
< # and here are more per-package modules (the "Additional" block)
< session       required        pam_unix.so
< session       optional        pam_systemd.so
< # end of pam-auth-update config
---
> # pre_auth-client-config # session optional                   pam_umask.so
> # pre_auth-client-config # # and here are more per-package modules (the "Additional" block)
> # pre_auth-client-config # session    required        pam_unix.so
> # pre_auth-client-config # session    optional                        pam_winbind.so
> # pre_auth-client-config # session    optional        pam_systemd.so
> # pre_auth-client-config # # end of pam-auth-update config
> session [default=1] pam_permit.so
> session requisite   pam_deny.so
> session required    pam_permit.so
> session optional    pam_umask.so
> session required    pam_unix.so
> session required    pam_mkhomedir.so skel=/etc/skel/ umask=0077
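Review bot: the active session lines at the end of this hunk no longer include pam_systemd.so; it and pam_winbind.so remain only as commented pre_auth-client-config entries, while "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077" is new. pam_systemd.so is what registers a login with systemd-logind, which desktop sessions normally rely on, so restore "session optional pam_systemd.so" after the pam_unix.so line unless dropping it is deliberate.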

Code: [Select]
administrator@servidor:~$ diff /etc/pam.d/common-session-noninteractive.backup /etc/pam.d/common-session-noninteractive
29a30
> session       optional                        pam_winbind.so

9
Spanish / [Solution] Power outages, initramfs error
« on: September 08, 2018, 11:31:16 pm »
Hello, this happened to me yesterday with the constant power outages, since the battery of my server's UPS had expired.
When booting the Ubuntu operating system under Zentyal, it stopped at the (initramfs) error.

To repair it, run the following command:
fsck /dev/mapper/<hostname>--<LVMgroup-root> -y

Since my disk is partitioned with LVM:
My hostname is: SERVIDOR
My LVM group is: vg_servidor
My LVM volume, where the operating system is: root

Code: [Select]
fsck /dev/mapper/SERVIDOR--vg_servidor-root -y
reboot

I hope this helps those who are just starting out.

10
Spanish / [Development] Bash Script Samba-AD-DC Bind9_DLZ Backend
« on: August 15, 2018, 07:36:33 am »
Description: Bash script as an alternative way to create a Samba Active Directory Domain Controller server with a Bind9_DLZ DNS backend for Ubuntu Server 18.04 LTS.
Note: In development, for testing only; do not try to use it in a production environment.

First, let's identify the network interfaces:
Code: [Select]
ip -o link show | awk -F': ' '{print $2}'

Result:
Code: [Select]
lo
enp4s0
enp4s1
enp6s0
wlp5s0

Edit /etc/netplan/01-netcfg.yaml to configure the network adapters; the name of each adapter may be different on your machine.

Example:
Code: [Select]
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp6s0:
      dhcp4: no
      addresses: [192.168.1.2/24]
      gateway4: 192.168.1.1
      nameservers:
        search: [savidoca.com]
        addresses: [192.168.1.1,192.168.1.2]

    enp4s0:
      dhcp4: yes
      dhcp6: yes
    enp4s1:
      dhcp4: yes
      dhcp6: yes
    wlp5s0:
      dhcp4: yes
      dhcp6: yes

Apply the changes:
Code: [Select]
sudo netplan apply


It is in development.
Samba-ad-dc_DNS-Backend.sh
pastebin: https://pastebin.com/LK6vfKpT
Code: [Select]
#!/bin/bash
# Author: John Llewelyn
# Description: Install Samba Active Directory, Domain Controller with Bind9_DLZ DNS backend
echo 'Configure la contraseña root'
sudo passwd root
clear
read -p 'Introduzca el nombre de host, ejemplo [ servidor ]: ' hostname
clear
read -p 'Introduzca el nombre de dominio, ejemplo [ savidoca.com ]: ' domain
clear
read -p 'Introduzca el nombre de grupo de trabajo, ejemplo [ SAVIDOCA ]: ' workgroup
clear
read -p 'Introduzca la direccion IP de su red, ejemplo [ 192.168.1.0/24 ]: ' network
clear
read -p 'Introduzca la direccion IP broadcast de su red, ejemplo [ 192.168.1.255 ]: ' broadcast
clear
read -p 'Introduzca la direccion IP del AD DC, ejemplo [ 192.168.1.2 ]: ' ipaddress
clear
read -p 'Introduzca la direccion IP de su gateway, ejemplo [ 192.168.1.1 ]: ' gw
clear
read -p 'Introduzca la direccion IP inversa de su AD DC, ejemplo: [ 1.168.192 ]: ' reverse
clear
read -p 'Introduzca las direcciones DNS reenviadores para su AD DC, ejemplo: [ 8.8.8.8;8.8.4.4; ] ' forwarders
clear
read -sp 'Introduzca la contraseña para AD: ' password
clear
echo el nombre de tu host es: $hostname
echo el nombre de dominio es: $domain
echo el nombre de tu grupo de trabajo es: $workgroup
echo el esquema de la tu red es: $network
echo el broadcast de tu red es: $broadcast
echo la direccion ip de tu AD DC es: $ipaddress
echo la direccion ip de tu gateway es: $gw
echo la direccion inversa de tu dominio es: $reverse.in-addr.arpa.
echo la direcciones DNS reenviadores son: $forwarders
read -p "Esta seguro que estos son los datos correctos? " -n 1 -r
echo    # (optional) move to a new line
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
    exit 1
fi
clear
# Hostname, resolvconf, hosts, acl and attr settings
sudo hostnamectl set-hostname "$hostname"
# printf | sudo tee: the variables are expanded by this shell (they are not exported to a 'sudo bash -c' child)
printf 'nameserver %s\ndomain %s\n' "$ipaddress" "$domain" | sudo tee /etc/resolvconf/resolv.conf.d/tail > /dev/null
sudo chmod 644 /etc/resolvconf/resolv.conf.d/tail
sudo resolvconf -u
printf '127.0.0.1 localhost localhost.localdomain\n%s %s %s.%s\n# The following lines are desirable for IPv6 capable hosts\n::1 ip6-localhost ip6-loopback\nfe00::0 ip6-localnet\nff00::0 ip6-mcastprefix\nff02::1 ip6-allnodes\nff02::2 ip6-allrouters\nff02::3 ip6-allhosts\n' "$ipaddress" "$hostname" "$hostname" "$domain" | sudo tee /etc/hosts > /dev/null
sudo sed -i.old -r '/[ \t]\/[ \t]/{s/(ext4[\t ]*)([^\t ]*)/\1\2,user_xattr,acl,barrier=1/}' /etc/fstab
sudo mount -a -o remount,rw /

# Installing samba, krb5, winbind, bind9, chrony, openssl
sudo apt install acl attr samba smbclient winbind libpam-winbind libnss-winbind krb5-user krb5-config krb5-locales bind9 bind9utils bind9-doc binutils ldb-tools chrony openssl isc-dhcp-server -y

# Preparing the samba-ad-dc service
sudo systemctl stop samba-ad-dc.service smbd.service nmbd.service winbind.service
sudo systemctl disable samba-ad-dc.service smbd.service nmbd.service winbind.service
sudo systemctl unmask samba-ad-dc
sudo rm -f /etc/samba/smb.conf
sudo rm -f /var/run/samba/*.[t,l]db
sudo rm -f /var/lib/samba/*.[t,l]db
sudo rm -f /var/cache/samba/*.[t,l]db
sudo rm -f /var/lib/samba/private/*.[t,l]db
sudo rm -r /var/lib/samba/sysvol/*
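# Provisioning the AD DC (values quoted so that spaces or special characters in the password do not split the argument)
sudo samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ --realm="$domain" --domain="$workgroup" --function-level=2008_R2 --adminpass="$password"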

# krb5.conf settings
sudo rm -f /etc/krb5.conf
sudo ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf
sudo sed -i "/dns_lookup_kdc = true/a \        rdns = no" /var/lib/samba/private/krb5.conf

# smb.conf settings
# GNU sed: in "a \   text" the backslash keeps the leading whitespace, and \n inside the text starts a new line
sudo sed -i "/\[global\]/a \        security = auto" /etc/samba/smb.conf
sudo sed -i "/security = auto/a allow dns updates = secure only" /etc/samba/smb.conf
sudo sed -ri 's/server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate/server services = -dns/g' /etc/samba/smb.conf
sudo sed -i "/workgroup = $workgroup/a # dns forwarder = $ipaddress" /etc/samba/smb.conf
sudo sed -i "/dns forwarder = /a # interfaces = " /etc/samba/smb.conf
sudo sed -i "/interfaces = /a # bind interfaces only = yes" /etc/samba/smb.conf
sudo sed -i "/idmap_ldb:use rfc2307 = yes/a \        # Default idmap config for local BUILTIN accounts and groups\n        idmap config * : backend = tdb\n        idmap config * : range = 3000-7999" /etc/samba/smb.conf
# The literal * in the address pattern must be escaped, otherwise it is a regex quantifier and the line never matches
sudo sed -i "/idmap config \* : range = /a \        # idmap config for the $workgroup domain\n        idmap config $workgroup:backend = ad\n        idmap config $workgroup:schema_mode = rfc2307\n        idmap config $workgroup:range = 10000-999999" /etc/samba/smb.conf
sudo sed -i "/idmap config $workgroup:range = /a \        idmap config $workgroup: unix_nss_info = yes\n        idmap config $workgroup: unix_primary_group = yes" /etc/samba/smb.conf
sudo sed -i "/unix_primary_group = /a \        # Template settings for login shell and home directory\n        template shell = /bin/bash\n        template homedir = /home/%U" /etc/samba/smb.conf
sudo sed -i "/template homedir/a \        winbind enum users = yes\n        winbind enum groups = yes\n        winbind use default domain = yes\n        winbind offline logon = no\n        winbind cache time = 300\n        winbind nss info = rfc2307" /etc/samba/smb.conf
sudo sed -i "/winbind nss info = /a \        server signing = auto\n# server role check:inhibit = yes\n# dsdb:schema update allowed = yes\n# drs:max object sync = 1200\n# kernel share modes = yes\n# client use spnego = yes\n# client NTLMv2 auth = yes\n# client min protocol = SMB2\n# client max protocol = SMB3\n# server min protocol = SMB2\n# server max protocol = SMB3\n        restrict anonymous = 2\n        map to guest = Never" /etc/samba/smb.conf
sudo sed -i "/map to guest/a log level = 3" /etc/samba/smb.conf
sudo sed -i "/log level/a log file = /var/log/samba/samba.log" /etc/samba/smb.conf
sudo sed -i "/log file/a max log size = 100000" /etc/samba/smb.conf
sudo sed -i "/max log size/a # Configuring LDAP over SSL (LDAPS)\ntls enabled = yes\ntls keyfile = tls/samba.key\ntls certfile = tls/samba.crt\ntls cafile = " /etc/samba/smb.conf
sudo sed -i "/tls cafile/a # printing = CUPS" /etc/samba/smb.conf
sudo sed -i "/printing = /a # include = /etc/samba/shares.conf\n# include = /etc/samba/profiles.conf\n# include = /etc/samba/printers.conf" /etc/samba/smb.conf
# Incomplete: 1 line still needs to be modified.

# Roaming Windows User Profiles
sudo bash -c 'echo -e "[profiles]\n        comment = Users profiles\n        path = /srv/samba/profiles/\n        browseable = No\n        read only = No\n        force create mode = 0600\n        force directory mode = 0700\n        csc policy = disable\n        store dos attributes = yes\n        vfs objects = acl_xattr" >> /etc/samba/profiles.conf'
sudo mkdir -p /srv/samba/profiles/
sudo chgrp -R "Domain Users" /srv/samba/profiles/
sudo chmod 1750 /srv/samba/profiles/

# Creating /etc/samba/shares.conf
sudo bash -c 'echo -e "[homes]\n    comment = Directorios de usuario\n    path = /home/%S\n    read only = no\n    browseable = no\n    create mask = 0611\n    directory mask = 0711\n    vfs objects = acl_xattr full_audit\n    full_audit:success = connect opendir disconnect unlink mkdir rmdir open rename\n    full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename" >> /etc/samba/shares.conf'

# Creating /etc/samba/printers.conf
sudo bash -c 'echo -e "[printers]\n       path = /var/spool/samba/\n       printable = yes" >> /etc/samba/printers.conf'
sudo mkdir -p /var/spool/samba/
sudo chmod 1777 /var/spool/samba/
# smbcontrol all reload-config

# winbind and PAM settings
sudo sed -ri 's/passwd:         compat systemd/passwd:         compat winbind/g' /etc/nsswitch.conf
sudo sed -ri 's/group:          compat systemd/group:          compat winbind/g' /etc/nsswitch.conf
sudo sed -ri 's/dns myhostname/dns mdns/g' /etc/nsswitch.conf
# sudo sed -ri 's/pam_winbind.so use_authtok try_first_pass/pam_winbind.so try_first_pass/g' /etc/pam.d/common-password
sudo pam-auth-update

# Bind9 settings
sudo wget -q -O /etc/bind/db.root http://www.internic.net/zones/named.root
sudo wget -q -O /etc/bind/bind.keys https://ftp.isc.org/isc/bind9/keys/9.11/bind.keys.v9_11
sudo bash -c 'echo -e "include \"/var/lib/samba/private/named.conf\";" >> /etc/bind/named.conf'
sudo bash -c 'echo -e "include \"/etc/bind/named.conf.logging\";" >> /etc/bind/named.conf'
sudo bash -c 'echo -e "include \"/etc/bind/rndc.key\";" >> /etc/bind/named.conf'
sudo bash -c 'echo -e "include \"/etc/bind/rndc.conf\";" >> /etc/bind/named.conf'
sudo bash -c 'echo -e "controls {\n         inet 127.0.0.1 port 953 allow { localhost; } keys { \"rndc-key\"; };\n};" >> /etc/bind/rndc.conf'
sudo chgrp bind /var/lib/samba/private/dns.keytab
sudo chmod g+r /var/lib/samba/private/dns.keytab
sudo rndc-confgen -a
sudo chown root:bind /etc/bind/rndc.key
sudo chmod 640 /etc/bind/rndc.key
sudo sed -i "/directory/a \        sortlist {\n        { $network ;{ $network ; };};\n        };"  /etc/bind/named.conf.options
sudo cp -b /etc/bind/db.local /var/lib/bind/db.$reverse
sudo chown bind:bind /var/lib/bind/db.$reverse
sudo chmod 640 /var/lib/bind/db.$reverse
sudo sed -ri 's/RESOLVCONF=no/RESOLVCONF=yes/g' /etc/default/bind9
# printf | sudo tee -a: $network, $reverse and $domain are expanded here and the quotes around the ACL and zone names are kept
printf 'acl "trusted" {\n    localhost;\n    localnets;\n};\n\nacl "internal-local-nets" {\n    %s;\n};\n\n' "$network" | sudo tee -a /etc/bind/named.conf.local > /dev/null
printf 'zone "%s.in-addr.arpa" {\n    type master;\n    file "/var/lib/bind/db.%s";\n    update-policy {\n        // The only allowed dynamic updates are PTR records\n        grant %s. subdomain %s.in-addr.arpa. PTR TXT;\n        // Grant from localhost\n        grant local-ddns zonesub any;\n    };\n};\n\n' "$reverse" "$reverse" "$domain" "$reverse" | sudo tee -a /etc/bind/named.conf.local > /dev/null
sudo sed -i "/directory/a \        cleaning-interval 1440;\n        max-cache-ttl 2419200;\n        max-ncache-ttl 86400;\n        max-cache-size unlimited;\n        stacksize unlimited;\n        datasize unlimited;\n        coresize unlimited;\n        \n        listen-on { any; };"  /etc/bind/named.conf.options
sudo sed -i "/listen-on-v6/a \        allow-query { any; };\n        allow-recursion { trusted; };\n        allow-query-cache { trusted; };\n        allow-transfer { none; };\n        notify no;"  /etc/bind/named.conf.options
sudo sed -i "/dnssec-validation/a \        #dnssec-lookaside auto;"  /etc/bind/named.conf.options
sudo sed -i 's[// forwarders[forwarders[g' /etc/bind/named.conf.options
sudo sed -i "s[// \t0.0.0.0;[      $forwarders[g" /etc/bind/named.conf.options
sudo sed -i "s[// };[};[g" /etc/bind/named.conf.options
sudo sed -i "/listen-on-v6/a \        tkey-gssapi-keytab \"/var/lib/samba/private/dns.keytab\";" /etc/bind/named.conf.options
sudo sed -i "/tkey-gssapi-keytab/i \        // DNS dynamic updates via Kerberos \"/var/lib/samba/private/dns.keytab\";" /etc/bind/named.conf.options
sudo sed -i "/notify no/a \        empty-zones-enable no;" /etc/bind/named.conf.options
sudo sed -i 's[//include[include[g' /etc/bind/named.conf.local
sudo bash -c 'echo -e "# Samba4 DLZ and Active Directory Zones (default source installation)\n/usr/lib/x86_64-linux-gnu/ldb/** rwmk,\n/usr/lib/x86_64-linux-gnu/samba/** rwmk,\n/var/lib/samba/** rm,\n/var/lib/samba/private/dns/** rwmk,\n/etc/samba/smb.conf r,\n/var/lib/samba/private/named.conf r,\n/var/lib/samba/private/dns.keytab r,\n/etc/bind/rndc.key  r,\n/var/tmp/** rwmk,\n/dev/urandom rw,\n/var/log/bind/** rw," >> /etc/apparmor.d/local/usr.sbin.named'
sudo bash -c 'echo -e "logging {\n        channel update_debug {\n                file \"/var/log/update_debug.log\" versions 3 size 100k;\n                severity debug;\n                print-severity  yes;\n                print-time      yes;\n        };\n        channel security_info {\n                file \"/var/log/security_info.log\" versions 1 size 100k;\n                severity info;\n                print-severity  yes;\n                print-time      yes;\n        };\n        channel bind_log {\n                file \"/var/log/bind.log\" versions 3 size 1m;\n                severity info;\n                print-category  yes;\n                print-severity  yes;\n                print-time      yes;\n        };\n\n        category default { bind_log; };\n        category lame-servers { null; };\n        category update { update_debug; };\n        category update-security { update_debug; };\n        category security { security_info; };\n};" >> /etc/bind/named.conf.logging'
sudo mkdir -p /var/log/bind
sudo chown -R bind:root /var/log/bind
sudo chmod -R 775 /var/log/bind

# NTP settings
sudo bash -c 'echo -e "# samba4 ntp signing socket\n/var/lib/samba/ntp_signd/socket rw," >> /etc/apparmor.d/local/usr.sbin.chronyd'
sudo install -d /var/lib/samba/ntp_signd
sudo chown root:_chrony /var/lib/samba/ntp_signd
sudo chmod 750 /var/lib/samba/ntp_signd
sudo sed -ri 's/pool ntp.ubuntu.com        iburst maxsources 4/server 0.south-america.pool.ntp.org iburst/g' /etc/chrony/chrony.conf
sudo sed -ri 's/pool 0.ubuntu.pool.ntp.org iburst maxsources 1/server 1.south-america.pool.ntp.org iburst/g' /etc/chrony/chrony.conf
sudo sed -ri 's/pool 1.ubuntu.pool.ntp.org iburst maxsources 1/server 2.south-america.pool.ntp.org iburst/g' /etc/chrony/chrony.conf
sudo sed -ri 's/pool 2.ubuntu.pool.ntp.org iburst maxsources 2/server 3.south-america.pool.ntp.org iburst/g' /etc/chrony/chrony.conf
sudo bash -c 'echo -e "# This directive tells 'chronyd' to parse the 'adjtime' file to find out if the\n# real-time clock keeps local time or UTC. It overrides the 'rtconutc' directive.\nhwclockfile /etc/adjtime" >> /etc/chrony/chrony.conf'
echo "bindcmdaddress $ipaddress" | sudo tee -a /etc/chrony/chrony.conf > /dev/null
echo "broadcast 60 $broadcast" | sudo tee -a /etc/chrony/chrony.conf > /dev/null
echo "allow $network" | sudo tee -a /etc/chrony/chrony.conf > /dev/null
sudo bash -c 'echo -e "ntpsigndsocket /var/lib/samba/ntp_signd" >> /etc/chrony/chrony.conf'
sudo timedatectl set-local-rtc 1

# Self-signed certificate
sudo rm -f /var/lib/samba/private/tls/cert.pem
sudo rm -f /var/lib/samba/private/tls/key.pem
sudo rm -f /var/lib/samba/private/tls/ca.pem
# sudo openssl req -newkey rsa:2048 -keyout /var/lib/samba/private/tls/samba.key -nodes -x509 -days 365 -out /var/lib/samba/private/tls/samba.crt
# sudo chmod 600 /var/lib/samba/private/tls/samba.key

# Trusted certificate
sudo openssl genrsa -out /var/lib/samba/private/tls/samba.key 2048
sudo openssl req -new -key /var/lib/samba/private/tls/samba.key -out /var/lib/samba/private/tls/samba.csr
sudo openssl x509 -req -days 365 -in /var/lib/samba/private/tls/samba.csr -signkey /var/lib/samba/private/tls/samba.key -out /var/lib/samba/private/tls/samba.crt
sudo chmod 600 /var/lib/samba/private/tls/samba.key

sudo systemctl start samba-ad-dc
sudo systemctl enable samba-ad-dc
sudo systemctl daemon-reload
sudo systemctl reload apparmor
sudo systemctl restart systemd-networkd
sudo systemctl restart systemd-resolved
sudo systemctl restart bind9
sudo systemctl restart chrony

# The Kerberos realm is the upper-case form of the domain name
kinit "administrator@${domain^^}"
sudo samba-tool group addmembers DnsAdmins dns-$hostname
sudo samba-tool user setpassword administrator
sudo samba-tool user setexpiry administrator --noexpiry
sudo samba-tool domain passwordsettings set --complexity=on
sudo samba-tool domain passwordsettings set --store-plaintext=off
sudo samba-tool domain passwordsettings set --history-length=0
sudo samba-tool domain passwordsettings set --min-pwd-age=0
sudo samba-tool domain passwordsettings set --max-pwd-age=0
sudo samba-tool domain passwordsettings set --min-pwd-length=7
sudo samba-tool domain passwordsettings set --account-lockout-duration=30
sudo samba-tool domain passwordsettings set --account-lockout-threshold=0
sudo samba-tool domain passwordsettings set --reset-account-lockout-after=30

# Configuring the DHCP server
sudo samba-tool user create dhcpduser --description="Unprivileged user for TSIG-GSSAPI DNS updates via ISC DHCP server" --random-password
sudo samba-tool user setexpiry dhcpduser --noexpiry
sudo samba-tool group addmembers DnsAdmins dhcpduser
sudo samba-tool domain exportkeytab --principal=dhcpduser@$domain /etc/isc-dhcp-server/dhcpduser.keytab
# incomplete, in development
exit 0
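
An added example, not part of the original post or script: the values the script prompts for end up in sed expressions and root-owned configuration files, so they can be validated first, and the broadcast address and the reverse-zone label can be derived from the CIDR instead of being typed by hand. The function names are hypothetical, and only IPv4 is handled.

```bash
#!/bin/bash
# Added example (hypothetical helper functions, IPv4 only).

# Succeeds only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    local ip=$1 o
    [[ $ip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
    local IFS=.
    for o in $ip; do
        (( 10#$o <= 255 )) || return 1
    done
}

# Host or domain name: letters, digits, hyphens and dots only, so the value
# cannot carry quotes, sed delimiters or shell metacharacters into a config file.
valid_dns_name() {
    local label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    local re="^${label}(\\.${label})*\$"
    [[ $1 =~ $re ]]
}

ip_to_int() {
    local a b c d
    IFS=. read -r a b c d <<< "$1"
    echo $(( (10#$a << 24) | (10#$b << 16) | (10#$c << 8) | 10#$d ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "network broadcast" for a CIDR such as 192.168.1.0/24.
cidr_bounds() {
    local ip=${1%/*} prefix=${1#*/} mask net
    valid_ipv4 "$ip" || return 1
    [[ $prefix =~ ^[0-9]+$ ]] || return 1
    prefix=$(( 10#$prefix ))
    (( prefix >= 8 && prefix <= 30 )) || return 1
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( $(ip_to_int "$ip") & mask ))
    echo "$(int_to_ip "$net") $(int_to_ip $(( net | (~mask & 0xFFFFFFFF) )))"
}

# Reverse-zone label (the script's $reverse) for /8, /16 and /24 networks.
reverse_label() {
    local ip=${1%/*} prefix=${1#*/} a b c d
    valid_ipv4 "$ip" || return 1
    IFS=. read -r a b c d <<< "$ip"
    case $prefix in
        24) echo "$c.$b.$a" ;;
        16) echo "$b.$a" ;;
        8)  echo "$a" ;;
        *)  return 1 ;;   # other prefix lengths need classless delegation
    esac
}

# True when host address $1 is a usable address inside CIDR $2.
ip_in_cidr() {
    local bounds net bcast addr
    valid_ipv4 "$1" || return 1
    bounds=$(cidr_bounds "$2") || return 1
    read -r net bcast <<< "$bounds"
    addr=$(ip_to_int "$1")
    (( addr > $(ip_to_int "$net") && addr < $(ip_to_int "$bcast") ))
}
```

Called right after the `read` prompts, these checks let the script stop before any file under /etc is touched, for example when the AD DC address is not inside the network that was entered.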

11
Hello, greetings to the Zentyal community.
I am using this space to ask for help: I am writing a bash script that automates the installation of an Active Directory with SMB/CIFS support, CUPS, forest and tree functional level Windows Server 2012_R2, primary and slave domain controller, DNS backend with MySQL support, so that it can be installed easily on several Ubuntu Server 16.04 LTS servers and so that the packages update automatically without breaking the installation.

Another script would make it easier to add many users with their respective organizational units and groups.
The idea is for those of us who deal with medium and large companies.

The problem is that there are many guides, but with different ways of installing, and others are incomplete.

What I need is concrete information to build the bash script step by step, so that in the end it is perfect and shared with you.

The bash script must be interactive: it asks for the configuration data and then installs and configures all the services.
Zentyal can also make use of the script to improve the product.

I need guides that correctly cover:
Installing Samba
Installing Bind
Installing MySQL Server
Installing DHCP Server
Installing NTP Server
Installing TFTP Server
Configuring the AD DC server: SMB/CIFS, CUPS, DNS backend with DLZ and MySQL support
Firewall and permissions.

I have a machine on which I am going to run tests.

12
Directory and Authentication / Error restarting DNS service
« on: July 16, 2018, 05:09:15 pm »
I have had this error for some time, since I updated from version 5.0 to 5.1.
Every so often I lose connectivity with the Active Directory, and the computers lose access to the shared folders and do not log in with the domain.
After inquiring, it is a problem to have to restart the server completely. I tried restarting the DNS service and it is not possible.

Code: [Select]
Command output: .
Exit value: 1
2018/07/16 10:58:12 ERROR> Service.pm:967 EBox::Module::Service::restartService - root command nsupdate -g -t 10 /var/lib/zentyal/tmp/UUoao5tSs8 failed.
2018/07/16 10:58:12 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of DNS from dashboard failed: root command nsupdate -g -t 10 /var/lib/zentyal/tmp/UUoao5tSs8 failed.
Error output: ; Communication with 127.0.1.1#53 failed: timed out
 dns_request_createvia3: address family not supported

Command output: .
Exit value: 1

Code: [Select]
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since lun 2018-07-16 10:58:01 -04; 1h 30min ago
     Docs: man:named(8)
  Process: 12593 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 12600 (named)
    Tasks: 7
   Memory: 45.8M
      CPU: 17.304s
   CGroup: /system.slice/bind9.service
           └─12600 /usr/sbin/named -f -u bind -4

jul 16 11:43:55 servidor named[12600]: client 192.168.1.105#60346: update 'savidoca.com/IN' denied
jul 16 11:43:55 servidor named[12600]: samba_dlz: cancelling transaction on zone savidoca.com
jul 16 11:46:19 servidor named[12600]: samba_dlz: starting transaction on zone savidoca.com
jul 16 11:46:19 servidor named[12600]: client 192.168.1.111#65288: update 'savidoca.com/IN' denied
jul 16 11:46:19 servidor named[12600]: samba_dlz: cancelling transaction on zone savidoca.com
jul 16 11:46:19 servidor named[12600]: samba_dlz: starting transaction on zone savidoca.com
jul 16 11:46:19 servidor named[12600]: samba_dlz: disallowing update of signer=M11\$\@SAVIDOCA.COM name=M11.savidoca.com type=
jul 16 11:46:19 servidor named[12600]: client 192.168.1.111#57933/key M11\$\@SAVIDOCA.COM: updating zone 'savidoca.com/NONE':
jul 16 11:46:19 servidor named[12600]: samba_dlz: cancelling transaction on zone savidoca.com
lines 1-23

Code: [Select]
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since lun 2018-07-16 18:06:00 -04; 16min ago
     Docs: man:named(8)
  Process: 11040 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 11048 (named)
    Tasks: 7
   Memory: 51.1M
      CPU: 2.915s
   CGroup: /system.slice/bind9.service
           └─11048 /usr/sbin/named -f -u bind -4

jul 16 18:07:46 servidor named[11048]: client 192.168.1.108#58217/key M08\$\@SAVIDOCA.COM: updating zone 'savidoca.com/NONE': adding an RR at 'M08.savidoca.com' A 192.168.1.108
jul 16 18:07:46 servidor named[11048]: samba_dlz: added rdataset M08.savidoca.com 'M08.savidoca.com.        1200        IN        A        192.168.1.108'
jul 16 18:07:46 servidor named[11048]: samba_dlz: committed transaction on zone savidoca.com
jul 16 18:13:26 servidor named[11048]: samba_dlz: starting transaction on zone savidoca.com
jul 16 18:13:26 servidor named[11048]: client 192.168.1.111#55467: update 'savidoca.com/IN' denied
jul 16 18:13:26 servidor named[11048]: samba_dlz: cancelling transaction on zone savidoca.com
jul 16 18:13:26 servidor named[11048]: samba_dlz: starting transaction on zone savidoca.com
jul 16 18:13:26 servidor named[11048]: samba_dlz: disallowing update of signer=M11\$\@SAVIDOCA.COM name=M11.savidoca.com type=AAAA error=insufficient access rights
jul 16 18:13:26 servidor named[11048]: client 192.168.1.111#51058/key M11\$\@SAVIDOCA.COM: updating zone 'savidoca.com/NONE': update failed: rejected by secure update (REFUSED)
jul 16 18:13:26 servidor named[11048]: samba_dlz: cancelling transaction on zone savidoca.com

13
Other modules / There are missing options to the FTP module.
« on: May 22, 2018, 08:32:23 pm »
Some options are missing from the FTP module, such as:
Customizing the anonymous FTP directory path to store it on other drives.
Maximum download and upload speeds allowed, and maximum connections allowed for anonymous users.
Settings such as FTP active mode or FTP passive mode.
FTP and FTPS settings.

14
Hello friends, in case you have this very frequent problem, "The trust relationship between this workstation and the primary domain failed", here is the solution:

https://www.youtube.com/watch?v=oOdCK3RhksA

I also recommend reading this article:
https://theitbros.com/fix-trust-relationship-failed-without-domain-rejoining/

15
Directory and Authentication / [HELP] DNS Service
« on: April 16, 2018, 07:23:08 pm »
Hello friends from the Zentyal community.
I have a server with Zentyal 5.1.1

I have a new problem with DNS names.
I have a firewall server with the Kerio Control operating system with 2 network adapters with Internet input and output and another server within the Zentyal network with the ip address 192.168.1.2.
My Zentyal Server is created with the name savidoca.com
My Firewall server is called firewall.savidoca.com

I'm having a problem with the name, I do not know if this is serious since the address www.tvfanb.mil.ve points to my DNS server and I do not know if the problem is from the military institution or something I did wrong.

http://www.tvfanb.mil.ve.ipaddress.com/
