Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - turalyon

Pages: 1 ... 6 7 [8] 9 10 ... 14
106
Installation and Upgrades / Re: Zentyal 7.0.4 viewing log files
« on: June 16, 2022, 12:43:07 pm »
Hi,

It's a bug. Below you have the link to the issue and the workaround.

* https://github.com/zentyal/zentyal/issues/2055#issuecomment-932964974

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

107
Spanish / Re: errores al guardar configuración.
« on: June 07, 2022, 05:01:04 pm »
Hola Alfonso,

Tienes que analizar el archivo de log /var/log/zentyal/zentyal.log, allí verás entras que tienen 'ERROR>' o 'WARN>' con la información del error.

Un saludo.

--

“This world is ours, and by the Holy Light we will keep it safe, now and forever".

108
Spanish / Re: Permisos en recurso compartido
« on: May 30, 2022, 10:36:28 am »
Hola, muchas gracias por contestar. Has entendido lo que te he explicado, lo que pasa es que no me he explicado bien.

 Te comento:  Asignando los permisos desde Zentyal al recurso compartido funciona SOLO si le doy permisos de ADMINISTRADOR, si le asigno LECTURA Y ESCRITURA no pueden acceder.
 Además es totalmente imposible gestionar los permisos desde windows a las subcarpetas. Si que se cambian en propiedades pero a la hora de acceder no hace ni caso.
             

Buenos días,

Si fuera tu, comenzaría abordando el problema de los permisos desde Zentyal, ya que el resto pueden derivar de este.

Te recomendaría que mediante los comandos getfactl que te indiqué revises qué cambios se realizan tanto en el directorio 'padre' como en el resto de archivos y directorios cuando cambias los permisos de 'Administrador' a 'Lectura y escritura'. Además, también deberías de revisar el contenido del archivo /etc/samba/shares.conf una vez que hayas aplicado los cambios, no vayan a ir por allí los tiros.

También recuerda que deberás de analizar los archivos de log: /var/log/zentyal/zentyal.log y /var/log/syslog por si hubiera algún tipo de error cuando estableces determinados permisos.

Un saludo.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

109
Spanish / Re: Permisos en recurso compartido
« on: May 26, 2022, 10:27:38 am »
Hola,

Si he entendido bien, tienes un recurso compartido llamado 'DATOS', y dentro de él, has copiado el contenido que tienes en un disco duro secundario, cuyo origen de datos es otro servidor Linux. Y el problema radica que al tratar de acceder a la información de este recurso compartido desde un Windows te está dando problemas de acceso. ¿Es correcto?

Suponiendo que lo haya entendido bien, probablemente la incidencia sea causada por la falta de algún permiso esencial que se requiere y que los datos del recurso compartido carecen. Para que puedas identificar los permisos que establece Zentyal en sus recursos compartidos y puedas compararlos, te recomendaría que hicieras lo siguiente:

1. Crea otro recurso compartido temporal y establece unos permisos sencillos como RO para un usuario y RWX para un grupo.
2. Desde el mismo Windows que tiene problemas de acceso al recurso de 'DATOS'.
3. Crea un archivo en el recurso temporal para confirmar su funcionamiento.
4. En el servidor Zentyal, revisa los permisos (ACLs) que tiene tanto el directorio 'padre' como el contenido dentro de él.
Code: [Select]
sudo getfacl /home/samba/shares/nombre-del-recurso-temporal
sudo getfacl -R /home/samba/shares/nombre-del-recurso-temporal
5. Revisa los permisos (ACLs) del recurso compartido 'DATOS'.
Code: [Select]
sudo getfacl /home/samba/shares/DATOS
sudo getfacl -R /home/samba/shares/DATOS
6. Compara los permisos de ambos recursos.

Espero que te sea de ayuda.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

110
Other modules / Re: Problems saving network data
« on: May 23, 2022, 10:53:13 am »
I didn't see that error before. Perhaps it is time to contact sales so they can inform you about getting a support ticket.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

111
Hi,

I don't know a simpler method than the above.

My recommendation is:

1. Mark a mark in the log file '/var/log/samba/samba.log'
2. Log in and log out of a domain computer with a domain user.
3. Make another mark in the log file.
4. Analyze the records from the marks.
5. 'Create' the command that retrieves the records in the format you like (you can use the commands: 'grep', 'cut', 'awk').

I hope it helps.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

112
Other modules / Re: Problems saving network data
« on: May 19, 2022, 03:47:50 pm »
Hi,

If I were you, I would disable the Antivirus and Mailfilter modules temporarily so the log files (syslog and zentyal.log) could be easier to read while debugging the issue.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

113
Hi Faisal,

The password policies are managed by Samba itself through the command: 'samba-tool domain passwordsettings'. For this particular case, you cannot use a GPO. Below you have the link that explains how to configure those password policies.

* https://wiki.samba.org/index.php/Password_Settings_Objects

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

114
Hi Faisal,

The things I would do are:

1. Create a shell script that formats the output as I wish.
2. Create a cron job that runs the script each hour and sends (redirects) the results to a log file in the directory '/var/log/'.

Hope it helps.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

115
Other modules / Re: Problems saving network data
« on: May 18, 2022, 11:21:35 am »
Hi,

Well, basically Apparmor is blocking the script that manages the DDNS feature. So, as the link explains, you have 2 alternatives:

1. Disable apparmor.
2. Tune the dhcpd profile of Apparmor.

Once you have applied one of those 2 solutions, I recommend you enable the debug in the script, so you can analyze each step until you confirm that it worked correctly. To do this, just add 'set -x' in the second line of the script located at '/usr/share/zentyal-dhcp/dhcp-dyndns.sh'.

Once you did all the above, try again to get a DHCP IP from a computer while you monitor the log file '/var/log/syslog'.

Code: [Select]
sudo tail -f /var/log/syslog

I hope it helps you.

116
Hi,

Unfortunately, you cannot use roaming profile feature in a Zentyal server that was configured as an additional domain controller. Below are a few things you can try:

1. Retrieve the information of one domain user who uses the roaming profile.

Code: [Select]
ldbsearch -H /var/lib/samba/private.sam sAMAccountName=some_user_name

2. After you get that information, you will see an attribute that points to the 'old' server.

3. Through an LDIF file, change the value of that attribute for your current Zentyal. Below is an example:

Code: [Select]
## LDIF content
dn: CN=Gabriel Batistuta,CN=Users,DC=lab,DC=lan
changetype: modify
replace: profilePath
profilePath: \\additional.LAB.LAN\profiles\gabriel

## Command to apply the LDIF
ldbmodify -H /var/lib/samba/private/sam.ldb roaming-profile.ldif

NOTE: I didn't use this method for a while, so try it in a test environment.

4. Copy the domain user personal roaming folder to the other Zentyal server.

NOTE: Be careful with the permissions and the directory structure. It must the same on both servers.

5. Try to login with that domain user and check if it worked.

Hope it helps.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

117
Hi,

You can get that information from the log file '/var/log/samba/samba.log'. So, the best approach is to create a shell script that search, parse and display the information as you want.

Below you have two commands that you can try to retrieve the information you are looking for:

Code: [Select]
## Login
grep -B 1 'connect to service netlogon' /var/log/samba/samba.log

## Logout
grep -B 1  -P 'closed connection to service (?!.*IPC|netlogon)' /var/log/samba/samba.log

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

118
Other modules / Re: Problems saving network data
« on: April 25, 2022, 04:56:13 pm »
I have now checked the syslog, there I found the following errors:

Apr 24 10:00:45 srvdc01 systemd[11870]: zentyal.antivirus-clamonacc.service: Failed to execute command: No such file or directory
Apr 24 10:00:45 srvdc01 systemd[11870]: zentyal.antivirus-clamonacc.service: Failed at step EXEC spawning /usr/bin/clamonacc: No such file or directory
Apr 24 10:00:45 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Main process exited, code=exited, status=203/EXEC
Apr 24 10:00:45 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Failed with result 'exit-code'.
Apr 24 10:00:50 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Service hold-off time over, scheduling restart.
Apr 24 10:00:50 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Scheduled restart job, restart counter is at 47.
Apr 24 10:00:50 srvdc01 systemd[1]: Stopped Executable for On-Access scans.
Apr 24 10:00:50 srvdc01 systemd[1]: Started Executable for On-Access scans.
Apr 24 10:00:50 srvdc01 systemd[11926]: zentyal.antivirus-clamonacc.service: Failed to execute command: No such file or directory
Apr 24 10:00:50 srvdc01 systemd[11926]: zentyal.antivirus-clamonacc.service: Failed at step EXEC spawning /usr/bin/clamonacc: No such file or directory
Apr 24 10:00:50 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Main process exited, code=exited, status=203/EXEC
Apr 24 10:00:50 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Failed with result 'exit-code'.
Apr 24 10:00:53 srvdc01 dhcpd[5585]: Commit: IP: 192.168.1.20 DHCID: 48:e1:e9:71:21:1d Name: Meross_Smart_Plug
Apr 24 10:00:53 srvdc01 kernel: [  612.267609] audit: type=1400 audit(1650787253.510:24): apparmor="DENIED" operation="exec" profile="/usr/sbin/dhcpd" name="/usr/share/zentyal-dhcp/dhcp-dyndns.sh" pid=11955 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=118 ouid=0
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[0] = /usr/share/zentyal-dhcp/dhcp-dyndns.sh
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[1] = add
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[2] = 192.168.1.20
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[3] = 48:e1:e9:71:21:1d
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute_statement argv[4] = Meross_Smart_Plug
Apr 24 10:00:53 srvdc01 dhcpd[11955]: Unable to execute /usr/share/zentyal-dhcp/dhcp-dyndns.sh: Permission denied
Apr 24 10:00:53 srvdc01 dhcpd[5585]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
Apr 24 10:00:53 srvdc01 dhcpd[5585]: DHCPREQUEST for 192.168.1.20 from 48:e1:e9:71:21:1d (Meross_Smart_Plug) via eth0
Apr 24 10:00:53 srvdc01 dhcpd[5585]: DHCPACK on 192.168.1.20 to 48:e1:e9:71:21:1d (Meross_Smart_Plug) via eth0
Apr 24 10:00:55 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Service hold-off time over, scheduling restart.
Apr 24 10:00:55 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Scheduled restart job, restart counter is at 48.
Apr 24 10:00:55 srvdc01 systemd[1]: Stopped Executable for On-Access scans.
Apr 24 10:00:55 srvdc01 systemd[1]: Started Executable for On-Access scans.
Apr 24 10:00:55 srvdc01 systemd[12088]: zentyal.antivirus-clamonacc.service: Failed to execute command: No such file or directory
Apr 24 10:00:55 srvdc01 systemd[12088]: zentyal.antivirus-clamonacc.service: Failed at step EXEC spawning /usr/bin/clamonacc: No such file or directory
Apr 24 10:00:55 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Main process exited, code=exited, status=203/EXEC
Apr 24 10:00:55 srvdc01 systemd[1]: zentyal.antivirus-clamonacc.service: Failed with result 'exit-code'.
Apr 24 10:00:56 srvdc01 systemd[1]: Started Session c3 of user ejabberd.
Apr 24 10:00:57 srvdc01 dhcpd[5585]: Commit: IP: 192.168.1.40 DHCID: 48:e1:e9:71:0e:cf Name: Meross_Smart_Plug
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[0] = /usr/share/zentyal-dhcp/dhcp-dyndns.sh
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[1] = add
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[2] = 192.168.1.40
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[3] = 48:e1:e9:71:0e:cf
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute_statement argv[4] = Meross_Smart_Plug
Apr 24 10:00:57 srvdc01 dhcpd[12272]: Unable to execute /usr/share/zentyal-dhcp/dhcp-dyndns.sh: Permission denied
Apr 24 10:00:57 srvdc01 dhcpd[5585]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
Apr 24 10:00:57 srvdc01 kernel: [  616.354148] audit: type=1400 audit(1650787257.598:25): apparmor="DENIED" operation="exec" profile="/usr/sbin/dhcpd" name="/usr/share/zentyal-dhcp/dhcp-dyndns.sh" pid=12272 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=118 ouid=0
Apr 24 10:00:57 srvdc01 dhcpd[5585]: DHCPREQUEST for 192.168.1.40 from 48:e1:e9:71:0e:cf (Meross_Smart_Plug) via eth0
Apr 24 10:00:57 srvdc01 dhcpd[5585]: DHCPACK on 192.168.1.40 to 48:e1:e9:71:0e:cf (Meross_Smart_Plug) via eth0

regarding DHCP I have executed the following command:
/usr/share/zentyal-dhcp/dhcp-dyndns.sh

Message:
Required keytab /etc/dhcp/samba-keys/dhcpduser.keytab not found, it needs to be created.
Use the following commands as root
samba-tool domain exportkeytab --principal=dhcpduser@ZENTYAL-DOMAIN.LAN /etc/dhcp/samba-keys/dhcpduser.keytab
chown XXXX:XXXX /etc/dhcp/samba-keys/dhcpduser.keytab
Replace 'XXXX:XXXX' with the user & group that dhcpd runs as on your distro
chmod 400 /etc/dhcp/samba-keys/dhcpduser.keytab

Executed the following command:
sudo samba-tool domain exportkeytab --principal=dhcpduser@ZENTYAL-DOMAIN.LAN /etc/dhcp/samba-keys/dhcpduser.keytab
sudo chown root:dhcpd /etc/dhcp/samba-keys/dhcpduser.keytab

But unfortunately the problem remains

Hi,

Well, you're facing 2 bugs:

1. With the antivirus module:

Code: [Select]
/usr/bin/clamonacc: No such file or directory

The binary 'clamonacc' has changed. Now I thing is '/usr/sbin/' instead of '/usr/bin/'. You need to change the daemon located at '/lib/systemd/system/zentyal.antivirus-clamonacc.service'. Remember to reload the Systemd configuration before restart the antivirus module.

Code: [Select]
sudo systemctl daemon-reload
sudo zs antivirus restart

2. Apparmor is blocking the usage of DDNS script.

Code: [Select]
Apr 24 10:00:57 srvdc01 kernel: [  616.354148] audit: type=1400 audit(1650787257.598:25): apparmor="DENIED" operation="exec" profile="/usr/sbin/dhcpd" name="/usr/share/zentyal-dhcp/dhcp-dyndns.sh" pid=12272 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=118 ouid=0

The link with the fix below:

* https://github.com/zentyal/zentyal/issues/1930

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

119
i keep seeing logs saying dhcp-dns failed 02
PM if someone want to fix this and will get payed

Did you consider to contact with Zentyal and buy a ticket? Perhaps the official support can help you.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

120
Installation and Upgrades / Re: Migration From Linux LDAP NT4 PDC?
« on: April 22, 2022, 10:33:57 am »
Hi,

You can export the domain groups and users and perhaps, their passwords too, however, the computers cannot be migrated. You will need to unjoin and join them again to the new domain controller.

Zentyal has two scripts that allow to import domain users and group from a csv files. Below you have more information about it.

* https://doc.zentyal.org/en/directory.html#importing-and-exporting-users-and-groups

To create those csv files from your current Samba, you could create a shell script that uses ldapsearch/ldbsearch command to retrieve the required information.

Hope it helps you.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

Pages: 1 ... 6 7 [8] 9 10 ... 14