1
Directory and Authentication / Goal of idmap.ldb and RFC 2307 with zentyal
« on: December 22, 2022, 11:06:54 am »
Hello,
I've two questions
- On one of my installs, idmap.ldb has around 58 records; however, I have more AD objects than that. Since Zentyal uses RFC 2307, why do we need idmap.ldb? How is it populated?
- As I said, Zentyal uses RFC 2307, and I can see that it manages uidnumber, gidnumber, etc. automatically. Let's suppose that you join Zentyal to a domain where some objects already have some uidnumbers and gidnumbers. How does it deal with that?
Cheers
2
Installation and Upgrades / [Solved] Problem creating GPOs with vfs object = full_audit
« on: March 24, 2022, 09:07:01 pm »
I was trying to do this procedure:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRhCAK
Basically it would allow my firewall to identify the users based on the samba4 logs.
You've to add this:
syslog = 3
vfs object = full_audit
full_audit:success = connect
full_audit:failure = disconnect
full_audit:prefix = %u %I | %S
full_audit:facility = local5
To smb.conf.
I added it to /usr/share/zentyal/stubs/samba/smb.conf.mas, rebooted the server and the logs work.
However if I try to create a GPO via RSAT, with this configuration, I get "This security ID may not be assigned as the owner of this object"
Pretty much like this report:
https://lists.samba.org/archive/samba/2017-April/207962.html
Any hint?
Thank you!
3
Directory and Authentication / Changing .local to .com Domain
« on: December 27, 2021, 01:23:41 pm »
Hello,
Is it possible to change the AD domain from .local to .com (this is purely Zentyal infrastructure)?
Thanks!
4
Installation and Upgrades / Problems with DNS on 7.0
« on: March 10, 2021, 04:18:19 am »
Hi!
So I upgraded to 7.0.
Everything looked ok till I found that DNS is not replicating and that my machines can't update their records.
Also found that some external records just won't resolve their IPs.
If I add a record manually at one DC, the record won't replicate to the other DCs.
I have 4 DCs (all Zentyal 7.0).
Some logs:
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz: ldb: replmd_add: unable to find invocationId
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz:
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz: failed to modify DC=XXXDSK04,DC=XXX.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=XXX,DC=local - WERR_GEN_FAILURE
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz: cancelling transaction on zone XXX.local
I also have some logs like this:
DNS format error from 208.67.222.222#53 resolving brightcloud.com/DS: invalid response
Please help.
EDIT: Also, domain objects are not replicating. If I do a samba-tool drs replicate with --full-sync, it's synced.
EDIT2: Just reverted to Zentyal 6.2.7. This is not ready for prime time.
5
Installation and Upgrades / Zentyal not updating reverse lookup Zone
« on: June 19, 2020, 04:54:14 am »
Hi!
On your Windows domain machine do on a CMD ipconfig /registerdns.
A Record will be updated correctly.
Reverse record will NOT.
In my example my workstation is 192.168.21.41/24;
however, the syslog shows this:
client @0x7f2754100c10 192.168.21.41#50367: updating zone '168.192.in-addr.arpa/IN': update failed: not authoritative for update zone (NOTAUTH)
The correct zone should be 21.168.192.in-addr.arpa I believe.
By the way, my DCs are in different networks than my workstations.
The zone 21.168.192.in-addr.arpa exists. It was created via samba-tool and I also tried via RSAT. Same results.
Thanks!
6
Installation and Upgrades / Stuck Upgrading from 5.1.3 to 6.0
« on: November 25, 2018, 02:32:55 am »
Hi,
I'm getting stuck here:
2018/11/25 00:50:47 INFO> Service.pm:965 EBox::Module::Service::restartService - Restarting service for module: dns
2018/11/25 00:50:48 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
Any hint?
7
Installation and Upgrades / Upgrade Zentyal to 6.0 and Ubuntu to 18.04
« on: October 31, 2018, 01:29:52 pm »
Hi!
What would be the correct procedure to upgrade Zentyal from 5.1.1 to version 6.0 and also Ubuntu 16.04 to 18.04?
Thank you!
8
Installation and Upgrades / [SOLVED] Sysvol not syncing Version 5
« on: February 26, 2017, 05:29:30 pm »
Since I upgraded a domain to version 5 (2 Zentyal servers) I have no sysvol replication.
Before I had these messages on zentyal.log
SysvolSync.pm:194 EBox::Samba::SysvolSync::sync - Synchronizing sysvol share from xxx.domain.local
Now it doesn't show anything.
What can I do?
9
Installation and Upgrades / Can't add additional DC
« on: February 26, 2017, 05:44:21 am »
Hi!
I'm trying to add a Zentyal Server (version 5) as an additional DC of an already existing domain whose PDC is also a Zentyal Server (version 5).
I get this error:
Quote
2017/02/26 04:37:21 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command nsupdate -g -t 10 /var/lib/zentyal/tmp/g1QXiQP8NK failed.
Error output: update failed: NOTAUTH
Command output: .
Exit value: 2 at root command nsupdate -g -t 10 /var/lib/zentyal/tmp/g1QXiQP8NK failed.
Error output: update failed: NOTAUTH
Command output: .
Exit value: 2 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/66lDsmFVAY.cmd 2> /var/lib/zentyal/tmp/stderr', 'nsupdate -g -t 10 /var/lib/zentyal/tmp/g1QXiQP8NK', 512, 'ARRAY(0x92434f0)', 'ARRAY(0x45a0c80)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, 'nsupdate -g -t 10 /var/lib/zentyal/tmp/g1QXiQP8NK') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('nsupdate -g -t 10 /var/lib/zentyal/tmp/g1QXiQP8NK') called at /usr/share/perl5/EBox/DNS.pm line 923
EBox::DNS::_postServiceHook('EBox::DNS=HASH(0x7374fa8)', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 941
EBox::Module::Service::_regenConfig('EBox::DNS=HASH(0x7374fa8)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::DNS=HASH(0x7374fa8)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 689
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 687
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x68b6340)', 'progress', 'EBox::ProgressIndicator=HASH(0x686b888)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x686c9c8)', 'progress', 'EBox::ProgressIndicator=HASH(0x686b888)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2017/02/26 04:37:21 ERROR> GlobalImpl.pm:695 EBox::GlobalImpl::saveAllModules - Failed to restart dns after save changes: root command nsupdate -g -t 10 /var/lib/zentyal/tmp/g1QXiQP8NK failed.
Error output: update failed: NOTAUTH
Command output: .
Exit value: 2
2017/02/26 04:37:21 ERROR> GlobalImpl.pm:736 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: dns at The following modules failed while saving their changes, their state is unknown: dns at /usr/share/perl5/EBox/GlobalImpl.pm line 736
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x68b6340)', 'progress', 'EBox::ProgressIndicator=HASH(0x686b888)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x686c9c8)', 'progress', 'EBox::ProgressIndicator=HASH(0x686b888)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
Any help?
10
Directory and Authentication / [BUG] - a processing error occurred collecting data using this base domain contr
« on: January 06, 2016, 05:57:54 pm »
I've been using Zentyal for 2 years.
Now I got this error when I try to open Group Policy Management: a processing error occurred collecting data using this base domain controller
I'm using the latest version. Servers are completely updated...
Any hint?
11
Installation and Upgrades / [BUG] Zentyal 4.1 - Users and Computers - Synchronization
« on: March 30, 2015, 12:04:11 am »
Hi!
When I click "Synchronization" inside Users and Computers I get:
Run.pm:83 EBox::CGI::Run::run - Unable to load CGI: URL=Samba/View/Master CLASS=EBox::Samba::CGI::View::Master ERROR: Can't locate EBox/Samba/CGI/View/Master.pm in @INC (you may need to install the EBox::Samba::CGI::View::Master module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .) at (eval 843) line 2, <GEN0> line 245.
BEGIN failed--compilation aborted at (eval 843) line 2, <GEN0> line 245.
Hints?
12
Installation and Upgrades / Zentyal 4.1 - GUI Domain Options
« on: March 29, 2015, 11:49:32 pm »
Hi!
Upgraded to 4.1 version and now I can only see "Settings" inside Domain menu.
Before there were GPO options.
Is it a Bug?
13
Installation and Upgrades / Question About Reverse DNS
« on: March 22, 2015, 03:00:38 pm »
Hi!
I don't use Zentyal as DHCP server.
I would like to automatically update reverse zone with "Update Associated Pointer" option on RSAT but it's not working.
Is this even possible?
Thanks
14
Installation and Upgrades / Some types of GPOs doesn't work when applied to a specific OU
« on: March 13, 2015, 09:31:58 pm »
Hi Guys!
I've been testing Zentyal for some time and I find an odd situation.
There are some kinds of GPO settings that are not applied when the GPO is linked to an OU.
Example: setting a wallpaper with "administrative templates" or creating a folder via GPO.
Other types work everywhere. Example: Computer Configuration -> Preferences -> Windows Settings -> Shortcuts
Any explanation?
The very same GPO when applied to the root of the domain works.
When I run
sudo samba-tool gpo aclcheck
Quote
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/gpo.py", line 1150, in run
ds_sd_ndr = m['nTSecurityDescriptor'][0]
Don't know if it's related...
Hints?
15
Installation and Upgrades / [BUG] - Domain Group Policy Links - LDAP error: The request contained an invalid
« on: March 13, 2015, 02:22:13 pm »
Fortunately I had a backup of the Zentyal VM.
Basically when I try to link a GPO to an OU (via the Zentyal web GUI) I get this log:
2015/03/13 13:17:13 ERROR> LDAPBase.pm:576 EBox::LDAPBase::_errorOnLdap - LDAP error: The request contained an invalid DN
and the web interface says:
Element not found
we're sorry
The request contains a reference to a element which doest not exists
If you typed the page address manually, please check it
Maybe the element was removed and the page address is not longer valid
It can be also a parameters cache error, in this case you can navigate again to the page using the left menu
If you need more help, you may want visit Zentyal homepage for documentation and mailing lists
This also breaks the ability to run RSAT to manage GPOs.
After this error, every time I click "Domain Group Policy Links" it shows the error.
I can reproduce it over and over again because my Zentyal is a VM.