
Messages - Maekar

1
Spanish / DNS and YouTube problems
« on: January 15, 2020, 09:54:33 am »
Good morning, I had mentioned something in the English subforum, but seeing that @doncamilo speaks Spanish and I manage better that way, I'm posting it here too.

I have a server that acts as firewall, gateway, DNS, DHCP, etc.
Separately, I have a Zentyal as domain controller and nothing else. It forwards DNS queries to the first server.

On the devices that use the first server as primary DNS, everything works perfectly.
On the domain clients, which use Zentyal as primary DNS, I am suffering very serious problems accessing YouTube. I attach an image of the error that appears, intermittently (sometimes it works fine): https://ibb.co/Fs53tgj

Zentyal is fully updated and I don't know what to do to solve the problem.
Its configuration is very simple and minimal: it only has the Samba module and its dependencies installed, and a clean installation was done in the summer; nothing was restored that could cause a conflict.
If I change the primary DNS on the clients, there is no failure, but I need it to be Zentyal so that the user folders are automounted.

I would appreciate any help because I don't know how to solve the problem. The "forward only;" parameter in Zentyal's DNS instead of "forward first;" occurs to me, but I don't know how that would affect the domain or whether it would help.
I don't know if it is a problem with keys in Samba, since I don't have the DHCP server enabled and the DynDNS updates don't work either.

Thanks in advance,


2
Hi,

DHCP module is not even installed in our Zentyal. The DHCP server in our network is another server (OPNSense).

We have detected two major issues with DNS and Zentyal right now:

1) Zentyal doesn't update DNS records for domain clients. There are clients with Windows 7 and clients with Windows 10. There are clients that were in the old domain (from which we did not restore anything) and there are clients that are completely new machines.

2) Many clients have a DNS error when browsing to Youtube. Apparently this error is random. Sometimes Youtube works well, sometimes it doesn't. It only happens in domain clients. When this error is happening, if I change the primary DNS to anything else, the problem disappears... and returns if I put Zentyal as primary DNS resolver again. I tried the "rndc flush" and reload commands you suggested in the other topic, but if it works, it doesn't last long. I read about the "forward only;" parameter in Bind instead of "forward first;" but I don't know how that will affect Zentyal or the domain.

In /var/log/syslog I can see this:

Dec 19 12:47:15 zserver named[1517]: samba_dlz: starting transaction on zone XXXXXXXXXX.lan
Dec 19 12:47:15 zserver named[1517]: client @0x7f296804f880 10.0.7.191#65371: update 'XXXXXXXXX.lan/IN' denied
Dec 19 12:47:15 zserver named[1517]: samba_dlz: cancelling transaction on zone XXXXXXXXXXXX.lan


And some others like this:

Dec 19 13:12:40 zserver named[1517]: samba_dlz: starting transaction on zone XXXXXXXX.lan
Dec 19 13:12:40 zserver named[1517]: samba_dlz: disallowing update of signer=XXXXX\$\@XXXXXXX.LAN name=XXXXX.XXXXXX.lan type=AAAA error=insufficient access rights
Dec 19 13:12:40 zserver named[1517]: client @0x7f296c04cfa0 10.0.3.62#64916/key XXXXXX\$\@XXXXXXXXX.LAN: updating zone 'XXXXXXXXX.lan/NONE': update failed: rejected by secure update (REFUSED)
Dec 19 13:12:40 zserver named[1517]: samba_dlz: cancelling transaction on zone XXXXXXXXX.lan



I don't know where to look. As I said before, we don't configure anything rare or advanced. The configuration is quite simple: just a domain controller, set up from scratch last summer with a clean Zentyal 6.0 image. Now, updated to 6.1.2.


Thanks
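
A triage script for the `named` lines quoted above, as an added example that is not part of the original post and not code from Zentyal, Samba or BIND. It tallies refused dynamic updates per client, separating requests whose client field carries no `/key` signer from signed ones, and collects the `samba_dlz` policy reasons. The sample lines are constructed in the same format; `pc01`, `example.lan` and the function name `summarize` are placeholders.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the post (names are placeholders).
SAMPLE = r"""
Dec 19 12:47:15 zserver named[1517]: samba_dlz: starting transaction on zone example.lan
Dec 19 12:47:15 zserver named[1517]: client @0x7f296804f880 10.0.7.191#65371: update 'example.lan/IN' denied
Dec 19 12:47:15 zserver named[1517]: samba_dlz: cancelling transaction on zone example.lan
Dec 19 13:12:40 zserver named[1517]: samba_dlz: disallowing update of signer=PC01\$\@EXAMPLE.LAN name=pc01.example.lan type=AAAA error=insufficient access rights
Dec 19 13:12:40 zserver named[1517]: client @0x7f296c04cfa0 10.0.3.62#64916/key PC01\$\@EXAMPLE.LAN: updating zone 'example.lan/NONE': update failed: rejected by secure update (REFUSED)
Dec 19 13:12:41 zserver named[1517]: client @0x7f296c04cfa0 10.0.3.62#64917/key PC01\$\@EXAMPLE.LAN: updating zone 'example.lan/NONE': update failed: rejected by secure update (REFUSED)
"""

# Update refused where the client field shows no "/key <signer>".
UNSIGNED = re.compile(r"client @\S+ (?P<ip>[0-9a-fA-F:.]+)#\d+: update '(?P<zone>[^'/]+)/\w+' denied")
# Update refused where the client field names a signing key (quotes around the zone optional).
SIGNED = re.compile(r"client @\S+ (?P<ip>[0-9a-fA-F:.]+)#\d+/key (?P<key>\S+): updating zone "
                    r"'?(?P<zone>[^'/]+)/\w+'?: update failed: rejected by secure update")
# samba_dlz policy line naming the signer, record and reason.
POLICY = re.compile(r"samba_dlz: disallowing update of signer=(?P<signer>\S+) "
                    r"name=(?P<name>\S+) type=(?P<type>\w+) error=(?P<error>.+)$")

def summarize(log_text):
    """Return (refused, reasons): refusals per (client IP, signer) and policy reasons."""
    refused, reasons = Counter(), Counter()
    for line in log_text.splitlines():
        if m := UNSIGNED.search(line):
            refused[(m["ip"], "no-key")] += 1
        elif m := SIGNED.search(line):
            # syslog escapes "$" and "@" in the principal; strip the backslashes
            refused[(m["ip"], m["key"].replace("\\", ""))] += 1
        elif m := POLICY.search(line):
            signer = m["signer"].replace("\\", "")
            reasons[(signer, m["name"], m["type"], m["error"].strip())] += 1
    return refused, reasons

if __name__ == "__main__":
    refused, reasons = summarize(SAMPLE)
    for (ip, who), n in refused.most_common():
        print(f"{n:3d}  {ip:15s} {who}")
    for (signer, name, rtype, err), n in reasons.items():
        print(f"{n:3d}  {signer} -> {name} {rtype}: {err}")
```
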




3
Hi,

Our Zentyal is updated (even today to version 6.1.2) and as I said before, there is no broken package or anything similar.

It may not be the same problem with the Dynamic DNS that was fixed in the previous update.

Normally we use RSAT to remove clients from the domain before they are replaced with new computers, which have the same hostname as the old ones. That's the only use of RSAT we do.
Is it possible that this may be related to the Dynamic DNS malfunction?
As I say, client IPs are not updated if the DHCP server assigns them a different one; the Zentyal Server always resolves with the old ones.

Thanks for the help @doncamilo

4
Hi, I did it and nothing seems wrong to me.
No broken packages, all are updated, no errors in zentyal.log...
I repeated the samba_dnsupdate test and this time it does not return errors.

Our environment is really simple. We did a clean installation of Zentyal 6.0 last summer and configured the domain from scratch, without restoring any backup. Then, we updated to 6.1 from the dashboard without errors and all those problems came.

Dynamic DNS updates are not working at all for domain clients.

And what is worse: I'm having complaints again about DNS and Youtube for client machines, I wonder if it is related: https://forum.zentyal.org/index.php/topic,34793.0.html

Thanks!


5
I think Dynamic DNS is not working, according to this: https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Updating_the_DNS_Fails:_NOTAUTH

If I test dynamic DNS with samba_dnsupdate --verbose --all-names I get the NOTAUTH error. "If BIND uses incorrect Kerberos settings on the Samba Active Directory (AD) domain controller (DC), dynamic DNS updates fail".

Any way to fix this without breaking anything else? For the moment, I add a static IP in the affected computers, but it's not a solution...

PS: Zentyal is in 6.1.1


6
We continue with DNS problems, I regret the day we updated the old Zentyal Server from 3.5...

All the devices in our network have dynamic IP.
The DHCP server is not the Zentyal machine, because we have around 1500 devices and only 100 are in the domain.
So, the domain clients have dynamic IPs, except that the Zentyal server is set manually as their primary DNS.

Now I noted nslookup answers are not updated with the actual IP for a couple of computers I recently replaced, and that is the reason they can't connect to a shared printer.

How can I force the update of these records?

Thanks in advance


7
Installation and Upgrades / Re: DNS error with Youtube after 6.1 update
« on: December 11, 2019, 10:22:27 am »
I did it and one week later I have no complaints, I think it's solved.

Thanks for the help @doncamilo  :D

8
Installation and Upgrades / Re: DNS error with Youtube after 6.1 update
« on: December 04, 2019, 01:36:11 pm »
In /var/log/syslog I see these lines frequently (I omitted hostname and domain name), I don't know if they are related to the issue. Some updates are ok but others:

Dec  4 13:29:59 zentyal named[1449]: samba_dlz: disallowing update of signer=XXX\$\@XXX.LAN name=xxxxx type=AAAA error=insufficient access rights
Dec  4 13:29:59 zentyal named[1449]: client @0x7fa558033c90 10.0.1.157#56597/key xxx\$\@xxx.LAN: updating zone xxxx.lan/NONE': update failed: rejected by secure update (REFUSED)
Dec  4 13:29:59 zentyal named[1449]: samba_dlz: cancelling transaction on zone xxxx.lan

Sorry if it doesn't help, it is the only thing that looks like an error to me...

Thanks

9
Hi,

I have Zentyal as PDC for Windows clients and the DNS is in forwarder mode (to the router). Since the 6.1 update, a lot of computers are experiencing random failures when entering the Youtube website. The browser displays a network DNS error, but if I change the primary DNS (to our router directly or any external DNS like Google), everything runs okay.
Of course, this only happens in machines with Zentyal as primary DNS server. Other devices in our network have no problems at all.

Thanks in advance

EDIT: To clarify, I've detected problems with Youtube because we use it a lot, but I don't say everything else is ok. Clearly something is broken with DNS queries and domain clients since the 6.1 update.


10
Installation and Upgrades / Re: zentyal.loggerd.service fails
« on: November 26, 2019, 08:50:56 am »
Hi, still happens in 6.1 after update.

I did a clean installation last summer and the only package I have installed is Samba for PDC (and dependencies).

Any clue where I can look into?

Thanks

11
Installation and Upgrades / zentyal.loggerd.service fails
« on: November 20, 2019, 09:57:34 am »
Hi, in /var/log/syslog, Zentyal 6.0.1, it happens constantly:

Nov 20 09:54:32 zserver systemd[1]: zentyal.loggerd.service: Main process exited, code=exited, status=9/n/a
Nov 20 09:54:32 zserver systemd[1]: zentyal.loggerd.service: Failed with result 'exit-code'.
Nov 20 09:54:32 zserver systemd[1]: zentyal.loggerd.service: Service hold-off time over, scheduling restart.
Nov 20 09:54:32 zserver systemd[1]: zentyal.loggerd.service: Scheduled restart job, restart counter is at 1121.
Nov 20 09:54:32 zserver systemd[1]: Stopped Zentyal logger daemon.
Nov 20 09:54:32 zserver systemd[1]: Started Zentyal logger daemon.



12
News and Announcements / Re: Zentyal 6.0 available!
« on: December 21, 2018, 01:16:27 pm »
Hi, where is the data backup module? It appears in 6.0 Documentation but I can't see it in Zentyal: https://doc.zentyal.org/en/backup.html

Is it a commercial-only feature now?
Hello?

13
News and Announcements / Re: Zentyal 6.0 available!
« on: December 04, 2018, 03:06:51 pm »
Hi, where is the data backup module? It appears in 6.0 Documentation but I can't see it in Zentyal: https://doc.zentyal.org/en/backup.html

Is it a commercial-only feature now?

15
Directory and Authentication / Re: Zentyal 4.2.2 samba high memory usage
« on: October 20, 2016, 12:51:04 pm »
Update2:
Cleaned up the AD, using LDAP Admin tool Professional (trial).
Deleted all dead DC's, related replication settings, etc. In short: Any sign of non-existing other DC's.
after 2 hours, it looks like memory stays perfectly low.

Update3: After one full day, memory still good. I consider this solved.

Hi,

I have exactly the same problem but in a Zentyal 3.0 version.

Can you describe the steps to do that in LDAP Admin Tool? I have searched the hostname of my old DC with "cn" option and I've deleted 3 entries in the tree, but I still can select it on the top right corner as a Domain Controller. I'm not sure if it's enough or if I'm missing something.

EDIT: I think it's solved. Thanks a lot!
