This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Directory and Authentication / Re: Update Policy Definitions and remove map drive
« on: April 19, 2023, 11:29:55 am »
You can use RSAT tools from any client station connected to the domain just like you would with a Windows Server. You can manage your shares from there as well.
https://www.microsoft.com/en-us/download/details.aspx?id=45520.
2
Directory and Authentication / Re: AD Stop Working on Windows 11 22H2
« on: November 18, 2022, 07:52:43 pm »
Hi,
For me, after a long research, feature and process testing, and more than 20 lab test migrations of my current systems (and after completing the first production transparent migration), my alternative is Univention (https://www.univention.com/).
Univention even has a plugin called adtakeover, that can migrate a whole domain (users, groups, passwords, etc.)
On their forums I noticed that you had some issues with the migration to Univention. You got no response there. Did you solve those issues? And if you did then how?
3
Other modules / Re: Firewall issue with DROPPED TCP to a proxmox server, seems no reason?
« on: January 04, 2021, 05:21:27 pm »
I think your firewall trouble is kind of secondary to your primary problem.
You put your devices (be it the client or the Proxmox machines) on a /32 netmask. By doing that you completely isolate those devices from any networks (both LAN and WAN) unless you set a static route to your router on them. Why would you assign that to a device you want to be a part of your network? You basically disconnect them from your network and then wonder why they can't see each other. Set your netmask to /24 everywhere and you get rid of your problem whatsoever.
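The routing decision behind the /32 point in the post above, as an added example that is not part of the original post: it models a host's route lookup (connected route from the netmask, then longest-prefix match over static routes). All addresses and the `next_hop` helper are constructed for illustration.

```python
import ipaddress

def next_hop(iface, dst, routes=()):
    """Return 'on-link', a gateway IP string, or None (no route) for dst.

    iface  -- host address with prefix, e.g. '192.168.1.10/32' (constructed)
    routes -- static routes as (network, gateway); gateway None = on-link route
    """
    iface = ipaddress.ip_interface(iface)
    dst = ipaddress.ip_address(dst)
    # The connected route comes from the interface's own address and netmask.
    table = [(iface.network, None)]
    table += [(ipaddress.ip_network(net), gw) for net, gw in routes]
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        return None
    # Longest-prefix match picks the most specific route.
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    if gw is None:
        return "on-link"
    # A gateway is usable only if it is itself covered by an on-link route.
    gw_onlink = any(ipaddress.ip_address(gw) in n for n, g in table if g is None)
    return gw if gw_onlink else None

if __name__ == "__main__":
    peer = "192.168.1.20"  # constructed LAN neighbour
    router_routes = [("192.168.1.1/32", None), ("0.0.0.0/0", "192.168.1.1")]
    print(next_hop("192.168.1.10/32", peer))                 # no route at all
    print(next_hop("192.168.1.10/32", peer, router_routes))  # hairpins via router
    print(next_hop("192.168.1.10/24", peer))                 # direct on the LAN
```

With a /32 and static routes, even traffic to a neighbour on the same segment is sent to the router, so it is subject to whatever filtering the router applies.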
4
Other modules / Re: Trying to confirm use case- newbie question
« on: December 08, 2020, 11:55:50 am »
You can't manage GPOs directly from the Zentyal GUI but you can use Remote Server Administration Tools from any Windows computer connected to the domain. There is a link in the "Domain section" of Zentyal GUI.
5
Other modules / Successful RADIUS logins can't be filtered in GUI logs
« on: December 03, 2020, 07:29:49 pm »
Hi,
I found a problem with RADIUS logs in the GUI. When a successful login occurs, it doesn't show as a "Login OK" event but rather, it is reported as an empty event which can't be filtered. Failures are displayed correctly. The actual /var/log/freeradius/radius.log properly logs the "Login OK" messages but they are not picked up by the GUI. Is it just some simple typo in the web function that can be fixed on my side?
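Until the GUI classifies both outcomes, successful and failed logins can be filtered straight from radius.log. The parser below is an added example, not part of the original post and not Zentyal's code; the line shape it matches is an assumption about FreeRADIUS auth entries, and the sample lines, user names and client names are constructed.

```python
import re
from collections import Counter

# Assumed shape of FreeRADIUS auth lines in radius.log (not taken from the post).
AUTH_RE = re.compile(
    r"^(?P<ts>.+?) : Auth: (?:\(\d+\)\s+)?"
    r"(?P<result>Login OK|Login incorrect)(?: \((?P<reason>[^)]*)\))?: "
    r"\[(?P<user>[^\]/]*)[^\]]*\] \(from client (?P<client>\S+) "
)

# Constructed sample input.
SAMPLE_LOG = """
Thu Dec  3 19:20:01 2020 : Auth: Login OK: [alice] (from client ap-office port 0 cli 00-11-22-33-44-55)
Thu Dec  3 19:21:17 2020 : Auth: Login incorrect: [bob] (from client ap-office port 0 cli 66-77-88-99-AA-BB)
Thu Dec  3 19:22:40 2020 : Auth: Login incorrect (mschap: MS-CHAP2-Response is incorrect): [bob/<via Auth-Type = EAP>] (from client ap-lab port 0)
Thu Dec  3 19:23:05 2020 : Info: Ready to process requests.
Thu Dec  3 19:24:12 2020 : Auth: (7) Login OK: [carol/<via Auth-Type = EAP>] (from client ap-lab port 0)
"""

def parse_auth(lines):
    """Turn auth lines into dicts; non-auth lines are skipped."""
    events = []
    for line in lines:
        m = AUTH_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ok"] = ev.pop("result") == "Login OK"
            events.append(ev)
    return events

def logins(events, ok=True):
    """Filter by outcome: (timestamp, user, client) tuples."""
    return [(e["ts"], e["user"], e["client"]) for e in events if e["ok"] is ok]

def failures_by_user(events):
    """Count failed attempts per user name."""
    return Counter(e["user"] for e in events if not e["ok"])

if __name__ == "__main__":
    evs = parse_auth(SAMPLE_LOG.splitlines())
    for row in logins(evs, ok=True):
        print("OK  ", *row)
    print(failures_by_user(evs).most_common())
```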
6
Directory and Authentication / Re: Help first installation!
« on: December 30, 2018, 08:57:16 am »
Do you need more than an official guide? https://doc.zentyal.org/en/
7
Directory and Authentication / Re: Promote additional DC to main without loosing users?
« on: December 09, 2018, 04:46:26 pm »
There were issues for me when I transferred all FSMO roles to Zentyal's ADC, copied the sysvol directory and shut the PDC for good.
The GUI still thinks it's an ADC. That means that I am unable to activate Roaming profiles and set the home directory letter via the GUI and when I create a new user there, the profile path and home directory aren't properly mapped. Since then, I have been forced to create all new user's links through Windows' RSAT. Unfortunately, I hadn't found any solution to the problem and eventually gave up.
I forgot to mention that all the other domain functions work well, incl. user authentication, samba shares, GPOs,...
8
Installation and Upgrades / Re: Fresh System install + update + upgrade = apt destroyed in loop
« on: October 28, 2018, 11:03:08 am »
Unfortunately going back is resulting in the same loop for me. Can't use old apt to install packages for 5.1 or 5.1.1. He demands I update apt first which is broken afterwards. Using the same version of apt, libapt and APTPKG_5.0 libraries is not changing me having this issue.
I looked into this a bit more and it could be related to juju somehow. I tried re-linking the libraries to the correct ones which was suggested in an Ubuntu forum thread but to no avail.
That's strange. I have just tried to install the DHCP and IPS modules with 1.2.27 apt and I can install Zentyal modules without any hassle. 1.2.29 gives me the same error you get. Didn't you forget to install the apt-utils package? Either that or your issue might be connected to your inability to install SOGo in the first place. I hesitate to try it myself as I don't really want to put our server down.
9
Installation and Upgrades / Re: Fresh System install + update + upgrade = apt destroyed in loop
« on: October 28, 2018, 09:07:46 am »
Same here. My system updates ended with the same error. Apt and apt-get no longer available.
Solved it by manually reinstalling apt's older version (1.2.28 and above don't work)
Code:
wget https://distros-repository.usharesoft.com/ubuntu/xenial-proposed/mirror/bouyguestelecom.ubuntu.lafibre.info/ubuntu/pool/main/a/apt/apt_1.2.27_amd64.deb
wget https://distros-repository.usharesoft.com/ubuntu/xenial-proposed/mirror/bouyguestelecom.ubuntu.lafibre.info/ubuntu/pool/main/a/apt/apt-utils_1.2.27_amd64.deb
sudo dpkg -i apt_1.2.27_amd64.deb apt-utils_1.2.27_amd64.deb
10
Directory and Authentication / Re: Number of logged in users not displayed on dashboard
« on: October 28, 2018, 08:47:54 am »
The dashboard doesn't report AD users logged in. Only the system users. Maybe making the AD users system users in Users and Computers/LDAP settings would help but I have never tested it myself so take it just as an idea.
Your other problem could be an issue with /home/samba/profiles folder permissions. Did you change the default ones?
11
Directory and Authentication / Re: BEST Active Directory Manager for Windows
« on: October 28, 2018, 08:36:56 am »
The easiest way would be to install Remote server administration tools (RSAT) https://www.microsoft.com/en-us/download/details.aspx?id=45520 if it hasn't already been installed.
12
Installation and Upgrades / Re: Can't login to Zentyal GUI, but know domain admin login
« on: October 28, 2018, 08:33:49 am »
The GUI uses system admin password to log in not the Domain Admin one. You entered it during the installation. Use https://askubuntu.com/questions/24006/how-do-i-reset-a-lost-administrative-password if you forgot it.
13
Other modules / Firewall drops random packets on proxy and http ports
« on: April 04, 2018, 07:56:12 pm »
Hi,
I'm trying to figure out why our Zentyal firewall sometimes drops packets that by the rules should go through easily.
Our 3.5 Zentyal is connected to eth0 (internal) parallel to all other devices and acts as a PDC, DHCP, RADIUS server and an explicit proxy for around 50 devices. NATting is done on VDSL modem which is set as a default gateway and properly distributed to clients by DHCP. Everything kind of works correctly but for the past two weeks, the firewall module has started dropping some packets from random devices on ports 3128 (inbound) and 80 (outbound) even though the Zentyal outbound traffic rule is set to allow everything and I didn't alter any HTTP proxy service rule. Even explicitly creating a rule to allow port 3128 traffic in "Internal networks to Zentyal" (and setting it as the topmost) doesn't solve the problem and the dropping continues (see picture below). On those affected devices, everything seems to work including internet. Apparently, only a very small fraction of packets is dropped so the user doesn't notice anything while browsing.
The only change I made in /etc/zentyal/firewall.conf is changing nat_enable to "no"
I didn't make any changes to iptables or firewall.postservice hook.
Is it a bug or does it have something to do with spoofing protection? Any ideas or advice?
Unfortunately, I can't add any images and iptables printout to the post (upload folder full).
14
Directory and Authentication / Re: How to set up domain login to Zentyal DC from Linux (Mint) clients?
« on: March 30, 2018, 12:45:20 pm »
If I understand it correctly, you successfully joined the domain with pbis-open but are unable to log in to the workstation using AD credentials. You can see the connection in /opt/pbis/bin/get-status and that workstation is visible in the Zentyal web interface. Is that right?
If that's the case, there should be no problem for your users to login. Of that there might be two causes:
1) You used bash to join the domain (domainjoin-cli) and didn't specify the domain prefix:
Code:
domainjoin-cli join yourdomain.com adminuser
Test that by trying to log in from the terminal:
Code:
su - testuser
No passwd entry for 'testuser'
vs (mind the capitals and double backslash)
Code:
su - YOURDOMAIN\\testuser
$
You can either log by using the domain prefix or (which is easier) run pbis-open config to handle it:
Code:
sudo /opt/pbis/bin/config AssumeDefaultDomain true
2) Your users can actually login from the bash but your greeter (Login screen) doesn't show them or allow them to specify their username.
On my Mint 18 machines I solve this by adding:
Code:
greeter-hide-users=true
greeter-show-manual-login=true
to /etc/lightdm/lightdm.conf.d/70-linuxmint.conf.
Also, keep in mind that there is a good habit in setting bash as the default shell and setting user's home directories to something more appropriate (%H/%U in my case) as described in the guide on linoxide. Suit that to your liking.
15
Directory and Authentication / Re: How to set up domain login to Zentyal DC from Linux (Mint) clients?
« on: March 27, 2018, 06:45:39 pm »
The easiest way to join a Linux computer to a Zentyal PDC is through the pbis-open package.
Files:
https://github.com/BeyondTrust/pbis-open/releases
Guides:
https://github.com/BeyondTrust/pbis-open/wiki/Documentation
You can find more straightforward step by step guides on the web.
https://linoxide.com/ubuntu-how-to/configure-pbis-join-ubuntu-windows-ad/