Messages

31

Installation and Upgrades / Re: I'm discovering Zentyal because 3.2 is very exciting....

« on: September 21, 2013, 12:35:49 pm »

Wow... First what comes in mind is - the ability to upgrade from 3.0 without losing any data or if that cannot be accomplished (yet) then just the possibility to sync the users or whole PDC over. Can we upgrade easily?
Looks impressive indeed. After 3.2 I see absolutely no reason to use Windows server in SMB's where most workstations are Windows. The ability to create OU's is stunning and the updated integration of Samba4  is absolutely fantastic.

32

Installation and Upgrades / Re: Can't delete empty GPO

« on: September 17, 2013, 11:40:46 am »

I found out that I can browse domain LDAP (the samba one) trough ADSI Edit application from RSAT. adsiedit.msc

33

Installation and Upgrades / Re: HTTP Proxy (Squid3) Very High CPU Usage After Upgrade

« on: September 11, 2013, 10:01:08 am »

Yes, 3.0 and bigblacklist doesnt coop very well. When I activate filtering of some specific categories (porn and some other ones) then RAM and SWAP suddenly reaches maximum usage, just like a huge memory leak. When I don't use these categories, it's fine!

34

Installation and Upgrades / Re: Howto change the default User Home Folder Path in a SAMBA4 environment

« on: September 10, 2013, 09:09:26 am »

I think you can use Microsoft RSAT tools to accomplish that. Then login with domain administrator, open Active Directory Users And Groups, find the right user and then properties->account if i'm not mistaken.

35

Installation and Upgrades / Re: Can't delete empty GPO

« on: September 07, 2013, 02:34:13 pm »

And they sync using s4sync from Zentyal LDAP to Samba LDAP every minute right? I understand well how I can login into Zentyal LDAP (port 390) using utilities like lat, ldapadmin, jexplorer etc... But how to login into Samba LDAP?
By the way I dont see domain-joined computers in Zentyal LDAP (only users, groups, some kerberos stuff...) like it was in 2.2. So computers should be in Samba4 LDAP instead. I will probably leave this "un-deleteable" GPO as it doesn't cause any problems, but still i'm curious about HOW to take a look into Samba4 LDAP database and IS it possible to do that using the same ldap utils?

36

Installation and Upgrades / Re: Can't delete empty GPO

« on: September 06, 2013, 09:12:36 pm »

As long as I dont try to delete that GPO (or add users/groups/computers to Security filtering which causes sysvolcheck to show errors while the policies are still parsed fine), it works totally fine. Samba LDAP database isn't the OpenLDAP one which relies on port 389/390 right? So the only utility is samba ldbsearch right? I'm totally new to this then. Maybe there are other ways how I can take a look into it and do some comparison?

37

Installation and Upgrades / Re: Can't delete empty GPO

« on: September 06, 2013, 02:17:21 pm »

Ok. Thanks for your help!
After doing sysvolreset, now sysvolcheck shows no errors, but still I can not delete the GPO (_unused and all settings disabled for it just to be sure that it doesnt cause login errors). Same error as in first post.
https://dl.dropboxusercontent.com/u/16222427/zen/Capture.PNG
If I add (or remove) something to Security Filtering then instantly sysvolcheck shows again errors which can then be corrected with sysvolreset, but still can't delete the gpo. The Links listbox is empty as well.
Anyway the login still works well and gpo's still seems to be processed fine.

EDIT: I now managed to link domain to this "non-deleting" GPO via RSAT tools as it was previously missing. Assigned one user and enabled both computer and user policies to take effect. The policies work, but still cannot delete it.
Still "server unwilling to process..." via RSAT tools and now this with samba-tools (which makes sense because there is a link again):

Code: [Select]

admins@server:~$ sudo samba-tool gpo del {6AC1786C-016F-11D2-945F-00C04FB984F9}
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
GPO {6AC1786C-016F-11D2-945F-00C04FB984F9} is linked to containers
ERROR(ldb): Error removing GPO from container - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object DC=gnvg,DC=lan has no write property access
> <>
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/gpo.py", line 217, in del_gpo_link
    samdb.modify(m)I could just leave this policy there as it now does some necessary things... and create new ones for other groups/users etc....

38

Installation and Upgrades / Re: Can't delete empty GPO

« on: September 06, 2013, 01:57:25 pm »

Is it safe to run that on a production machine?
Here is output of samba-tool ntacl sysvolcheck:

Code: [Select]

admins@server:~$ sudo samba-tool ntacl sysvolcheck
[sudo] password for admins:
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[homes]"
Processing section "[share1]"
Processing section "[share2]"
Processing section "[share3]"
Processing section "[share4]"
Processing section "[print$]"
Processing section "[printers]"
Processing section "[zentyal-quarantine]"
ldb_wrap open of idmap.ldb
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - Provisi oningError: DB ACL on GPO directory /opt/samba4/var/locks/sysvol/gnvg.lan/Polici es/{31B2F340-016D-11D2-945F-00C04FB984F9} O:DAG:DAD:PAI(A;OICI;0x001f01ff;;;DA)( A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI ;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;ED)(A;OICI;0x001200a9;;;AU) does not match  expected value O:DAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A; OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0 x001200a9;;;ED)(A;OICI;0x001200a9;;;AU) from GPO object
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/__init__.py", line  175, in _run
    return self.run(*args, **kwargs)
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 245 , in run
    lp)
  File "/opt/samba4/lib/python2.7/site-packages/samba/provision/__init__.py", li ne 1685, in checksysvolacl
    direct_db_access)
  File "/opt/samba4/lib/python2.7/site-packages/samba/provision/__init__.py", li ne 1636, in check_gpos_acl
    domainsid, direct_db_access)
  File "/opt/samba4/lib/python2.7/site-packages/samba/provision/__init__.py", li ne 1586, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not match expect ed value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, ac l))

39

Installation and Upgrades / Re: Dual booting Windows

« on: September 05, 2013, 11:59:33 am »

Try grub-mkconfig to and post the output. Distros like mint have os-prober script which finds all other os'es when you do grub-mkconfig. If it does find Windows, then grub-mkconfig -o /boot/grub/grub.cfg and reboot.

40

Installation and Upgrades / Can't delete empty GPO

« on: September 03, 2013, 05:57:01 pm »

Hi. So the problem is that I cant delete one empty GPO. This started after I added a new GPO and added a few computers in it, then removed the computers and tried to get rid of the gpo and now I cant.

Code: [Select]

admins@server:~$ sudo samba-tool gpo del {6AC1786C-016F-11D2-945F-00C04FB984F9}
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  <00002035: objectclass: Cannot delete CN=User,CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=gnvg,DC=lan, it isn't permitted!> <>
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/gpo.py", line 1083, in run
    self.samdb.delete(ldb.Dn(self.samdb, "CN=User,%s" % str(gpo_dn)))When trying to delete it via Windows RSAT utilities, it shows that server is unwilling to process the request.
Can I fix this manually? Thanks!

41

Installation and Upgrades / Re: Logging stops after some time

« on: August 25, 2013, 11:47:26 am »

Yes, Zentyal log is definitely based on whats going on in Zentyal DB. And these logs are somehow squeezed out of original logs in /var/log.
Okay, the tables squid_traffic_daily, squid_traffic_monthly, squid_traffic_hourly, squid_traffic_weekly contain old info, no matter I purged the logs via Zentyal UI. Is it safe to delete the info in them?
It might be related of bad info in DB, maybe because I managed to get the server time a bit back when resetting server bios (It messed up monitoring, but I managed to get that back working).

Ehh, maybe I should turn the Zentyal logs better off? Would I gain any performance?

42

Installation and Upgrades / Re: Logging stops after some time

« on: August 25, 2013, 11:19:53 am »

Sorry not to mention. Zentyal log is stopping. When restarting Zentyal log service at 8:01AM, the next day now it seems to log properly, but still I can filter logs only by time period. For example if I'll try to filter HTTP Proxy log by the connected host, url, filter result, it will still show all results instead of filtered results. The same with Samba logs.
Of course if I take a look into MySQL DB of zentyal, then I can select anything I want, but still in the web interface it fails to filter properly, so something is a bit wrong there, altrough anything else in the server seems to work very well.

43

Installation and Upgrades / Re: Logging stops after some time

« on: August 24, 2013, 11:31:55 am »

Sorry for lots of bumping up, but this is really important to me, because in production I use logs a lot, especially for samba and squid.
Maybe this output helps:

Code: [Select]

admins@server:/var/log/zentyal$ sudo cat error.log | grep logs | less
Use of uninitialized value $content in pattern match (m//) at /usr/share/zentyal/templates/logs/dbtable.mas line 41.
Use of uninitialized value $tooltip in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in substitution (s///) at /usr/share/zentyal/templates/logs/dbtable.mas line 36.
Use of uninitialized value $content in numeric gt (>) at /usr/share/zentyal/templates/logs/dbtable.mas line 38.
Use of uninitialized value $content in pattern match (m//) at /usr/share/zentyal/templates/logs/dbtable.mas line 41.
Use of uninitialized value $tooltip in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in substitution (s///) at /usr/share/zentyal/templates/logs/dbtable.mas line 36.
Use of uninitialized value $content in numeric gt (>) at /usr/share/zentyal/templates/logs/dbtable.mas line 38.
Use of uninitialized value $content in pattern match (m//) at /usr/share/zentyal/templates/logs/dbtable.mas line 41.
Use of uninitialized value $tooltip in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in substitution (s///) at /usr/share/zentyal/templates/logs/dbtable.mas line 36.
Use of uninitialized value $content in numeric gt (>) at /usr/share/zentyal/templates/logs/dbtable.mas line 38.
Use of uninitialized value $content in pattern match (m//) at /usr/share/zentyal/templates/logs/dbtable.mas line 41.
Use of uninitialized value $tooltip in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in substitution (s///) at /usr/share/zentyal/templates/logs/dbtable.mas line 36.
Use of uninitialized value $content in numeric gt (>) at /usr/share/zentyal/templates/logs/dbtable.mas line 38.
Use of uninitialized value $content in pattern match (m//) at /usr/share/zentyal/templates/logs/dbtable.mas line 41.
Use of uninitialized value $tooltip in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in substitution (s///) at /usr/share/zentyal/templates/logs/dbtable.mas line 36.
Use of uninitialized value $content in numeric gt (>) at /usr/share/zentyal/templates/logs/dbtable.mas line 38.
Use of uninitialized value $content in pattern match (m//) at /usr/share/zentyal/templates/logs/dbtable.mas line 41.
Use of uninitialized value $tooltip in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in substitution (s///) at /usr/share/zentyal/templates/logs/dbtable.mas line 36.
Use of uninitialized value $content in numeric gt (>) at /usr/share/zentyal/templates/logs/dbtable.mas line 38.
Use of uninitialized value $content in pattern match (m//) at /usr/share/zentyal/templates/logs/dbtable.mas line 41.
Use of uninitialized value $tooltip in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in substitution (s///) at /usr/share/zentyal/templates/logs/dbtable.mas line 36.
Use of uninitialized value $content in numeric gt (>) at /usr/share/zentyal/templates/logs/dbtable.mas line 38.
Use of uninitialized value $content in pattern match (m//) at /usr/share/zentyal/templates/logs/dbtable.mas line 41.
Use of uninitialized value $tooltip in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in substitution (s///) at /usr/share/zentyal/templates/logs/dbtable.mas line 36.
Use of uninitialized value $content in numeric gt (>) at /usr/share/zentyal/templates/logs/dbtable.mas line 38.
Use of uninitialized value $content in pattern match (m//) at /usr/share/zentyal/templates/logs/dbtable.mas line 41.
Use of uninitialized value $tooltip in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
Use of uninitialized value $content in join or string at /usr/share/zentyal/templates/logs/dbtable.mas line 49.
(END)
One solution would be to add a cron job to restart zentyal logs at 8:00 AM. And again I'm not quite sure how to properly do that in Zentyal.
I will appreciate all comments. Thanks!

44

Installation and Upgrades / Re: Logging stops after some time

« on: August 23, 2013, 10:52:43 am »

Looks like this.

Again ~8:00 today it stopped working. HTTP Proxy log stops, Samba access log stops, only VPN log, Antivirus update log or maybe some other logs seems to work.
After I restart Logs module:


edit: I also noticed that I cannot search trough the logs, only the time period searches work.

45

Installation and Upgrades / Logging stops after some time

« on: August 22, 2013, 10:16:54 am »

Hi. I had a problem like this in 2.2. It seems that after a day of usage, the logging stops, but Zentyal log service seems to be started. After restarting log service, it starts to work, but the period between that time is lost in the logs. It usually happens in somewhere between ~8 o'clock in the morning. Then no more logs are shown in the log section for any module.
Anyone getting this?
I'm using 3.0.25 as a gateway