1
Directory and Authentication / Goal of idmap.ldb and RFC 2307 with zentyal
« on: December 22, 2022, 11:06:54 am »
Hello,
I've two questions
- On one of my installs, idmap.ldb has around 58 records; however, I have more AD objects than that. Since Zentyal uses RFC 2307, why do we need idmap.ldb? How is it populated?
- As I said, Zentyal uses RFC 2307, and I can see that it manages uidnumber, gidnumber, etc. automatically. Let's suppose that you join Zentyal to a domain where some objects already have some uidnumbers and gidnumbers. How does it deal with that?
Cheers
2
Directory and Authentication / Re: AD Stop Working on Windows 11 22H2
« on: December 21, 2022, 09:44:22 pm »
Yep!
I also confirm!
3
Directory and Authentication / Re: AD Stop Working on Windows 11 22H2
« on: November 05, 2022, 07:12:52 pm »
Hello,
I just configured my own Ubuntu Servers with Samba 4.17.2.
You have good documentation here:
https://samba.tranquil.it/doc/en/samba_config_server/samba_conf_index.html#samba-ad-under-debian
And if you use Ubuntu Server 22.02 like I do, you can use this repo:
https://launchpad.net/~linux-schools/+archive/ubuntu/samba-latest
So this is my goodbye to Zentyal as, in fact, I prefer my own configurations and to have a better control.
Thank you everyone!
4
Installation and Upgrades / Re: [Solved] Problem creating GPOs with vfs object = full_audit
« on: April 10, 2022, 05:50:14 pm »
I didn't have any problem since I made this config.
5
Installation and Upgrades / Re: Problem creating GPOs with vfs object = full_audit
« on: March 27, 2022, 03:56:56 am »
Solution:
vfs objects = acl_xattr full_audit
6
Installation and Upgrades / [Solved] Problem creating GPOs with vfs object = full_audit
« on: March 24, 2022, 09:07:01 pm »
I was trying to do this procedure:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRhCAK
Basically it would allow my firewall to identify the users based on the samba4 logs.
You've to add this:
syslog = 3
vfs object = full_audit
full_audit:success = connect
full_audit:failure = disconnect
full_audit:prefix = %u %I | %S
full_audit:facility = local5
To smb.conf.
I added it to /usr/share/zentyal/stubs/samba/smb.conf.mas, rebooted the server and the logs work.
However, if I try to create a GPO via RSAT with this configuration, I get "This security ID may not be assigned as the owner of this object"
Pretty much like this report:
https://lists.samba.org/archive/samba/2017-April/207962.html
Any hint?
Thank you!
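An added example, not part of the original post or of the linked Palo Alto article: a parser that turns full_audit syslog lines written with the prefix above into the IP-to-user map a firewall would consume. The line layout (`smbd_audit: <prefix>|<operation>|<result>|<argument>`), the EXAMPLE domain and the sample lines are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address

# Assumed layout: "<syslog header> smbd_audit: <prefix>|<operation>|<result>|<argument>"
# where <prefix> is "%u %I | %S" from the post, i.e. "<user> <client ip> | <share>".
AUDIT_RE = re.compile(
    r"smbd_audit(?:\[\d+\])?:\s+(?P<user>.+?)\s+(?P<ip>[0-9A-Fa-f:.]+)\s+\|\s+"
    r"(?P<share>[^|]*)\|(?P<op>[^|]+)\|(?P<result>[^|]+)\|"
)

# Constructed sample lines (not taken from the post).
SAMPLE_LOG = r"""
Mar 24 21:00:01 dc01 smbd_audit: EXAMPLE\alice 192.168.21.41 | sysvol|connect|ok|sysvol
Mar 24 21:00:05 dc01 smbd_audit: EXAMPLE\WS07$ 192.168.21.42 | netlogon|connect|ok|netlogon
Mar 24 21:00:09 dc01 smbd_audit: EXAMPLE\john smith 192.168.21.50 | sysvol|connect|ok|sysvol
Mar 24 21:00:12 dc01 smbd_audit: EXAMPLE\bob 192.168.21.41 | sysvol|connect|fail (Permission denied)|sysvol
Mar 24 21:00:20 dc01 named[1270]: unrelated line
"""

def parse_audit_line(line):
    """Return the audit fields of one line, or None if it is not a full_audit record."""
    m = AUDIT_RE.search(line)
    if m is None:
        return None
    try:
        ip_address(m["ip"])  # reject anything that only looks like an address
    except ValueError:
        return None
    return m.groupdict()

def user_ip_map(lines):
    """Map client IP -> user from successful connects; the latest connect wins."""
    mapping = {}
    for line in lines:
        event = parse_audit_line(line)
        if event is None or event["op"] != "connect" or event["result"] != "ok":
            continue
        user = event["user"]
        # Machine accounts (trailing $) and guest sessions identify no person.
        if user.endswith("$") or user.lower() == "nobody":
            continue
        mapping[event["ip"]] = user
    return mapping

if __name__ == "__main__":
    for ip, user in user_ip_map(SAMPLE_LOG.splitlines()).items():
        print(ip, user)
```

Failed connects and machine accounts are dropped so that they cannot overwrite the mapping of the person actually logged on at an address.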
7
Directory and Authentication / Re: Changing .local to .com Domain
« on: December 28, 2021, 06:42:38 pm »
Thanks!
What about GPOs?
Also, would it be possible to keep the same account settings at workstations after joining the "new" domain?
Thanks
8
Directory and Authentication / Changing .local to .com Domain
« on: December 27, 2021, 01:23:41 pm »
Hello,
Is it possible to change the AD domain from .local to .com (this is purely Zentyal infrastructure)?
Thanks!
9
Installation and Upgrades / Problems with DNS on 7.0
« on: March 10, 2021, 04:18:19 am »
Hi!
So I upgraded to 7.0.
Everything looked OK until I found that DNS is not replicating and that my machines can't update their records.
I also found that some external records just won't resolve their IPs.
If I add a record manually at one DC, the record won't replicate to the other DCs.
I have 4 DCs (all Zentyal 7.0)
Some logs:
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz: ldb: replmd_add: unable to find invocationId
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz:
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz: failed to modify DC=XXXDSK04,DC=XXX.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=XXX,DC=local - WERR_GEN_FAILURE
Mar 10 03:16:33 XXXdc01 named[1270]: samba_dlz: cancelling transaction on zone XXX.local
I also have some logs like this:
DNS format error from 208.67.222.222#53 resolving brightcloud.com/DS: invalid response
Please help.
EDIT: Also, domain objects are not replicating. If I do a samba-tool drs replicate with --full-sync, it's synced.
EDIT2: Just reverted to Zentyal 6.2.7. This is not ready for prime time.
10
Installation and Upgrades / Zentyal not updating reverse lookup Zone
« on: June 19, 2020, 04:54:14 am »
Hi!
On your Windows domain machine do on a CMD ipconfig /registerdns.
A Record will be updated correctly.
Reverse record will NOT.
In my example my workstation is 192.168.21.41 / 24
however in the syslog it shows up this:
client @0x7f2754100c10 192.168.21.41#50367: updating zone '168.192.in-addr.arpa/IN': update failed: not authoritative for update zone (NOTAUTH)
The correct zone should be 21.168.192.in-addr.arpa I believe.
By the way, my DCs are in different networks than my workstations.
The zone 21.168.192.in-addr.arpa exists. It was created via samba-tool and I also tried via RSAT. Same results.
Thanks!
11
Installation and Upgrades / Re: Stuck Upgrading from 5.1.3 to 6.0
« on: December 08, 2018, 10:57:17 pm »
Hi!
Tried that and kill some process at time.
The machine upgraded successfully.
I have another machine that is stuck on:
Setting up zentyal-core (6.0.1) ...
Installing new version of config file /etc/cron.daily/zentyal ...
any idea?
12
Installation and Upgrades / Re: Stuck Upgrading from 5.1.3 to 6.0
« on: November 30, 2018, 09:43:10 pm »
nothing?
13
Installation and Upgrades / Re: Stuck Upgrading from 5.1.3 to 6.0
« on: November 26, 2018, 10:44:53 am »
You mean stop DNS?
I tried it and it kept stuck.
14
Installation and Upgrades / Stuck Upgrading from 5.1.3 to 6.0
« on: November 25, 2018, 02:32:55 am »
Hi,
I'm getting stuck here:
2018/11/25 00:50:47 INFO> Service.pm:965 EBox::Module::Service::restartService - Restarting service for module: dns
2018/11/25 00:50:48 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
Any hint?
15
Installation and Upgrades / Re: Upgrade Zentyal to 6.0 and Ubuntu to 18.04
« on: November 14, 2018, 12:19:40 pm »
When is the button gonna be available?