Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Directory and Authentication / Samba SSL Certificates - Zentyal 5
« on: July 09, 2020, 02:58:25 am »
Hi all,
An external company did a pen test on our Zentyal servers and found some issues with the samba certificates, namely:
SSL Certificate Signed Using Weak Hashing Algorithm
SSL Medium Strength Cipher Suites Supported (SWEET32)
How would I go about solving this? Do I need to issue new, self signed certificates for samba? Or am I completely off track?
Thank you so much in advance!
Regards,
S~
An external company did a pen test on our Zentyal servers and found some issues with the samba certificates, namely:
SSL Certificate Signed Using Weak Hashing Algorithm
SSL Medium Strength Cipher Suites Supported (SWEET32)
How would I go about solving this? Do I need to issue new, self signed certificates for samba? Or am I completely off track?
Thank you so much in advance!
Regards,
S~
2
Directory and Authentication / "Map to guest" samba on Zentyal 5
« on: July 09, 2020, 02:53:15 am »
Hi all,
I've been trying to modify the above parameter in /etc/samba/smb.conf with no success; "Bad User" and "Bad Password" are accepted but I need to change it to "Never" to avoid Null session attacks.
If I try to modify this parameter and set it to "Never", testparm just skips it altogether. Even just commenting it out didn't work, as "Never" is the default behaviour I kinda hoped I had found a workaround but no joy, I'm still able to reproduce a null session.
I know that Zentyal uses stubs in some cases for certain configurations, and in fact I was able to find the right one (I thought) at this location: /usr/share/zentyal/stubs/samba.
But even changing the stub there did not yield any results (if that is the intended behaviour, I'm not entirely sure).
I also found another configuration file in /etc/zentyal, but it looks like that takes care more of the GUI elements in Zentyal web interface rathen than samba itself? Please correct me if I'm wrong.
Am I missing something obvious or do you have any ideas?
Oh, also my smb.conf is untouched, apart from that modification I wanted to make, so it's all standard Zentyal so to speak.
Thank you very much!
S~
I've been trying to modify the above parameter in /etc/samba/smb.conf with no success; "Bad User" and "Bad Password" are accepted but I need to change it to "Never" to avoid Null session attacks.
If I try to modify this parameter and set it to "Never", testparm just skips it altogether. Even just commenting it out didn't work, as "Never" is the default behaviour I kinda hoped I had found a workaround but no joy, I'm still able to reproduce a null session.
I know that Zentyal uses stubs in some cases for certain configurations, and in fact I was able to find the right one (I thought) at this location: /usr/share/zentyal/stubs/samba.
But even changing the stub there did not yield any results (if that is the intended behaviour, I'm not entirely sure).
I also found another configuration file in /etc/zentyal, but it looks like that takes care more of the GUI elements in Zentyal web interface rathen than samba itself? Please correct me if I'm wrong.
Am I missing something obvious or do you have any ideas?
Oh, also my smb.conf is untouched, apart from that modification I wanted to make, so it's all standard Zentyal so to speak.
Thank you very much!
S~
3
Directory and Authentication / Re: Radius module missing
« on: February 18, 2020, 12:14:53 pm »
That would explain it!
Thank you very much for your reply, I have some upgrading to do
Regards,
-S
Thank you very much for your reply, I have some upgrading to do
Regards,
-S
4
Directory and Authentication / Radius module missing
« on: February 17, 2020, 12:05:08 pm »
Hi all,
It appears that the 'zentyal-radius' module is missing from my configuration? It doesn't show up in the web GUI or in the 'apt' list.I've attached a couple of screenshots to show you what I mean. I've tried to attach a couple of screenshots but had no luck... I'm copy/pasting below (sorry about the long list)
--Web GUI--
Zentyal components
Install Update 0 Delete
Component Latest Version Select
Antivirus 5.1.1
Certification Authority 5.1
FTP 5.1
HTTP Proxy 5.1
Intrusion Prevention System 5.1.1
Jabber 5.1
Mail 5.1
Mail Filter 5.1
VPN 5.1
Web Mail 5.1
--Apt search list--
zentyal/unknown,unknown,now 5.1 all [installed]
Zentyal - Core metapackage
zentyal-all/unknown,unknown 5.1 all
Zentyal - All Modules
zentyal-antivirus/unknown,unknown 5.1.1 all
Zentyal - Antivirus
zentyal-ca/unknown,unknown 5.1 all
Zentyal - Certification Authority
zentyal-core/unknown,unknown,now 5.1.3 all [installed,automatic]
Zentyal - Core
zentyal-dhcp/unknown,unknown,now 5.1.1 all [installed]
Zentyal - DHCP Server
zentyal-dns/unknown,unknown,now 5.1 all [installed,automatic]
Zentyal - DNS Server
zentyal-firewall/unknown,unknown,now 5.1 all [installed,automatic]
Zentyal - Firewall
zentyal-ftp/unknown,unknown 5.1 all
Zentyal - FTP
zentyal-groupware/unknown,unknown 5.1 all
Zentyal - Mail and Groupware
zentyal-ips/unknown,unknown 5.1.1 all
Zentyal - Intrusion Prevention System
zentyal-jabber/unknown,unknown 5.1 all
Zentyal - Jabber
zentyal-mail/unknown,unknown 5.1 all
Zentyal - Mail
zentyal-mailfilter/unknown,unknown 5.1 all
Zentyal - Mail Filter
zentyal-network/unknown,unknown,now 5.1 all [installed,automatic]
Zentyal - Network Configuration
zentyal-ntp/unknown,unknown,now 5.1 all [installed,automatic]
Zentyal - NTP Service
zentyal-openvpn/unknown,unknown 5.1 all
Zentyal - VPN
zentyal-samba/unknown,unknown,now 5.1.2 all [installed]
Zentyal - Domain Controller and File Sharing
zentyal-software/unknown,unknown,now 5.1 all [installed,automatic]
Zentyal - Software Management
zentyal-sogo/unknown,unknown 5.1 all
Zentyal - Web Mail
zentyal-squid/unknown,unknown 5.1 all
Zentyal - HTTP Proxy
zsupporttools/unknown,unknown 5.1 all
Zentyal - Support Tools
Is it possible that I have to activate some other module(s) before I am able to access the radius one?
Thank you in advance!
Regards,
Stefano
It appears that the 'zentyal-radius' module is missing from my configuration? It doesn't show up in the web GUI or in the 'apt' list.
--Web GUI--
Zentyal components
Install Update 0 Delete
Component Latest Version Select
Antivirus 5.1.1
Certification Authority 5.1
FTP 5.1
HTTP Proxy 5.1
Intrusion Prevention System 5.1.1
Jabber 5.1
Mail 5.1
Mail Filter 5.1
VPN 5.1
Web Mail 5.1
--Apt search list--
zentyal/unknown,unknown,now 5.1 all [installed]
Zentyal - Core metapackage
zentyal-all/unknown,unknown 5.1 all
Zentyal - All Modules
zentyal-antivirus/unknown,unknown 5.1.1 all
Zentyal - Antivirus
zentyal-ca/unknown,unknown 5.1 all
Zentyal - Certification Authority
zentyal-core/unknown,unknown,now 5.1.3 all [installed,automatic]
Zentyal - Core
zentyal-dhcp/unknown,unknown,now 5.1.1 all [installed]
Zentyal - DHCP Server
zentyal-dns/unknown,unknown,now 5.1 all [installed,automatic]
Zentyal - DNS Server
zentyal-firewall/unknown,unknown,now 5.1 all [installed,automatic]
Zentyal - Firewall
zentyal-ftp/unknown,unknown 5.1 all
Zentyal - FTP
zentyal-groupware/unknown,unknown 5.1 all
Zentyal - Mail and Groupware
zentyal-ips/unknown,unknown 5.1.1 all
Zentyal - Intrusion Prevention System
zentyal-jabber/unknown,unknown 5.1 all
Zentyal - Jabber
zentyal-mail/unknown,unknown 5.1 all
Zentyal - Mail
zentyal-mailfilter/unknown,unknown 5.1 all
Zentyal - Mail Filter
zentyal-network/unknown,unknown,now 5.1 all [installed,automatic]
Zentyal - Network Configuration
zentyal-ntp/unknown,unknown,now 5.1 all [installed,automatic]
Zentyal - NTP Service
zentyal-openvpn/unknown,unknown 5.1 all
Zentyal - VPN
zentyal-samba/unknown,unknown,now 5.1.2 all [installed]
Zentyal - Domain Controller and File Sharing
zentyal-software/unknown,unknown,now 5.1 all [installed,automatic]
Zentyal - Software Management
zentyal-sogo/unknown,unknown 5.1 all
Zentyal - Web Mail
zentyal-squid/unknown,unknown 5.1 all
Zentyal - HTTP Proxy
zsupporttools/unknown,unknown 5.1 all
Zentyal - Support Tools
Is it possible that I have to activate some other module(s) before I am able to access the radius one?
Thank you in advance!
Regards,
Stefano
Pages: [1]