31
Directory and Authentication / Re: Issue with Bind?
« on: November 07, 2021, 06:54:11 pm »
Hi,
Did you check the configuration of the '/etc/resolv.conf'? Or perhaps it is something about the Bind cache.
Could you explain which actions you did when you said 'i create a dns host override to resolve erp.mydomain.com to 192.168.0.160'?
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever”
Thanks for the reply, the action I created was on pfSense, created a DNS override, because on Zentyal the DNS forwarder is pointing to pfSense,
32
Directory and Authentication / Issue with Bind?
« on: October 29, 2021, 11:19:25 pm »
Hi
I was wondering if someone else has had this issue before,
Currently I have a DNS forwarder to my firewall, and on the firewall I created a DNS host override to resolve erp.mydomain.com to 192.168.0.160.
Then on Zentyal I restart bind9 and it starts working fine, but after around a few hours it starts resolving to the WAN IP instead of the LAN IP, so I have to restart bind9 every time.
any ideas how to make it stick?
Thank you
33
Directory and Authentication / Quick question about GPO on ubuntu
« on: May 26, 2021, 09:22:31 pm »
Hi,
I was wondering if it's possible to connect a normal Ubuntu desktop to the domain and apply GPO password policy? Or does it only apply to Windows?
Thank you
34
Directory and Authentication / bitlocker question
« on: May 11, 2021, 12:55:18 am »
Hi
I was wondering if BitLocker recovery keys can be saved through GPO?
I was looking but could not find it.
Thank you
35
Installation and Upgrades / DHCP server options?
« on: February 02, 2021, 11:59:14 pm »
Hi, I was wondering if someone else knows how to add option 252 to the DHCP options? I used to be able to do this in the DHCP server options on Windows Server, but I'm not sure how it's done on Zentyal.
Thank you
36
Directory and Authentication / Re: issue not resolving?
« on: December 26, 2020, 04:48:04 am »
solved it: it was apparmor
do the following it should work
Code:
ln -s /etc/apparmor.d/usr.sbin.dhcpd /etc/apparmor.d/disable/
apparmor_parser -R /etc/apparmor.d/usr.sbin.dhcpd
and reconnect your devices should see the logs correctly
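A way to confirm this diagnosis from the logs, as an added example (not part of the original post and not Zentyal code): dhcpd logs the raw wait status, so 32512 decodes to exit code 127, and the script pairs that failure with an AppArmor DENIED audit record for the same path. The audit line in the sample is constructed for illustration; the dhcpd lines follow the format posted in the thread.

```python
import re

# Constructed sample (not from the thread). The dhcpd lines copy the format
# posted in the thread; the audit line follows the usual kernel AppArmor layout.
SAMPLE_LOG = '''\
Dec 25 22:19:48 apolo kernel: audit: type=1400 audit(1608952788.101:57): apparmor="DENIED" operation="exec" profile="/usr/sbin/dhcpd" name="/usr/share/zentyal-dhcp/dhcp-dyndns.sh" pid=1901 comm="dhcpd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Dec 25 22:19:48 apolo dhcpd[1853]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
Dec 25 22:19:49 apolo dhcpd[1853]: DHCPACK on 192.168.100.49 to c0:cb:38:15:96:79 (PC-07) via eth0
'''

EXEC_RE = re.compile(r"dhcpd\[\d+\]: execute: (\S+) exit status (\d+)")
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def decode_wait_status(status):
    """Split a raw wait(2) status into (exit_code, signal)."""
    signal = status & 0x7F
    exit_code = (status >> 8) & 0xFF if signal == 0 else None
    return exit_code, signal

def apparmor_denials(log):
    """Yield the key="value" fields of every AppArmor DENIED audit record."""
    for line in log.splitlines():
        fields = dict(KV_RE.findall(line))
        if fields.get("apparmor") == "DENIED":
            yield fields

def explain_failures(log):
    """Pair each failed dhcpd execute() with a denial on the same path."""
    denied = {d["name"]: d for d in apparmor_denials(log) if "name" in d}
    findings = []
    for script, status in EXEC_RE.findall(log):
        exit_code, signal = decode_wait_status(int(status))
        if exit_code == 0:
            continue  # script ran and succeeded
        hit = denied.get(script)
        findings.append({
            "script": script,
            "exit_code": exit_code,  # 127: the exec itself failed
            "signal": signal,
            "profile": hit["profile"] if hit else None,
            "denied_mask": hit["denied_mask"] if hit else None,
        })
    return findings

if __name__ == "__main__":
    print(explain_failures(SAMPLE_LOG))
```

A finding with `denied_mask` of `x` points at a missing exec permission in the named AppArmor profile rather than at the file mode bits shown by `ls -l`.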
37
Directory and Authentication / Re: issue not resolving?
« on: December 26, 2020, 04:25:18 am »
i think the issue is this part
Code:
Dec 25 22:19:48 apolo dhcpd[1853]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
but on the dhcp config shows correctly
Code:
on release {
    set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
    set ClientDHCID = concat (
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
        suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
    );
    log(concat("Release: IP: ", ClientIP));
    execute("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
}
and i think the permissions are correct
Code:
root@apolo:~# ls -l -h /usr/share/zentyal-dhcp/dhcp-dyndns.sh
-rwxr-xr-x 1 root root 4.4K Oct 5 05:05 /usr/share/zentyal-dhcp/dhcp-dyndns.sh
38
Directory and Authentication / Re: issue not resolving?
« on: December 26, 2020, 04:11:47 am »
thanks for the reply,
Code:
root@apolo:~# cat /etc/dhcp/dhcpd.conf
# DHCP server is authoritative for all networks
authoritative;
# extra options
# RFC3442 routes
option rfc3442-classless-static-routes code 121 = array of integer 8;
# MS routes
option ms-classless-static-routes code 249 = array of integer 8;
# Cisco IP phones
option voip-tftp-servers code 150 = array of ip-address;
option shoretel-director-server code 155 = ip-address;
pid-file-name "/var/run/dhcp-server/dhcpd.pid";
ddns-update-style none;
ddns-updates on;
update-static-leases on;
option domain-name-servers 127.0.0.1;
allow booting;
allow bootp;
default-lease-time 1800;
max-lease-time 7200;
include "/etc/dhcp/ddns-keys/keys";
shared-network eth0 {
    subnet 192.168.100.0 netmask 255.255.255.0 {
        option routers 192.168.100.1;
        option domain-name "xxx.local";
        option domain-name-servers 192.168.100.200;
        option ntp-servers 192.168.100.200;
        option netbios-name-servers 192.168.100.200;
        option netbios-node-type 8;
        default-lease-time 1800;
        max-lease-time 7200;
        option host-name = config-option server.ddns-hostname;
        ddns-hostname = pick-first-value( option fqdn.hostname,
            option host-name,
            concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address)));
        ddns-domainname "xxx.local.";
        zone xxx.local. {
            primary 127.0.0.1;
            key xxx.local;
        }
        zone 100.168.192.in-addr.arpa. {
            primary 127.0.0.1;
            key xxx.local;
        }
        pool {
            next-server 192.168.100.200;
            range 192.168.100.10 192.168.100.100;
        }
    }
    on commit {
        set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        set ClientDHCID = concat (
            suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
            suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
            suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
            suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
            suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
            suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
        );
        set ClientName = pick-first-value(option host-name, config-option-host-name, client-name, noname);
        log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
        execute("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
    }
    on release {
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        set ClientDHCID = concat (
            suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
            suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
            suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
            suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
            suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
            suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
        );
        log(concat("Release: IP: ", ClientIP));
        execute("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID);
    }
    on expiry {
        set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
        # cannot get a ClientMac here, apparently this only works when actually receiving a packet
        log(concat("Expired: IP: ", ClientIP));
        # cannot get a ClientName here, for some reason that always fails
        execute("/usr/share/zentyal-dhcp/dhcp-dyndns.sh", "delete", ClientIP, "", "0");
    }
    group {
        option routers 192.168.100.1;
        option domain-name "xxx.local";
        option domain-name-servers 192.168.100.200;
        option ntp-servers 192.168.100.200;
        option netbios-name-servers 192.168.100.200;
        option netbios-node-type 8;
        default-lease-time 1800;
        max-lease-time 7200;
        option host-name = config-option server.ddns-hostname;
        ddns-hostname = pick-first-value ( host-decl-name,
            option fqdn.hostname,
            concat("static-", binary-to-ascii(10, 8, "-", leased-address)));
        ddns-domainname "xxx.local.";
        zone xxx.local. {
            primary 127.0.0.1;
            key xxx.local;
        }
        zone 100.168.192.in-addr.arpa. {
            primary 127.0.0.1;
            key xxx.local;
        }
    }
}
# Add option 150 (0x96) and 155 (0x9b)
if exists dhcp-parameter-request-list {
    option dhcp-parameter-request-list=concat(option dhcp-parameter-request-list,96,9b);
}
Code:
root@apolo:~# cat /etc/samba/smb.conf
[global]
workgroup = xxx
realm = XXX.LOCAL
netbios name = apolo
server string = Zentyal Server
server role = dc
server role check:inhibit = yes
server services = -dns
server signing = auto
dsdb:schema update allowed = yes
ldap server require strong auth = no
drs:max object sync = 1200
idmap_ldb:use rfc2307 = yes
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/%U
rpc server dynamic port range = 49152-65535
interfaces = lo,eth0
bind interfaces only = yes
map to guest = Bad User
log level = 3
log file = /var/log/samba/samba.log
max log size = 100000
include = /etc/samba/shares.conf
[netlogon]
path = /var/lib/samba/sysvol/xx.local/scripts
browseable = no
read only = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = no
Code:
root@apolo:~# cat /etc/bind/named.conf.local
// Generated by Zentyal
acl "trusted" {
    localhost;
    localnets;
};
acl "internal-local-nets" {
    192.168.100.0/24;
};
dlz "AD DNS Zone" {
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_11.so";
};
zone "100.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.100.168.192";
    update-policy {
        // The only allowed dynamic updates are PTR records
        grant xxx.local. subdomain 100.168.192.in-addr.arpa. PTR TXT;
        // Grant from localhost
        grant local-ddns zonesub any;
    };
};
zone "10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "16.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "17.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "18.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "19.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "20.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "21.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "22.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "23.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "24.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "25.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "26.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "27.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "28.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "29.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "30.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "31.172.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
zone "168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.empty";
};
39
Directory and Authentication / Re: issue not resolving?
« on: December 26, 2020, 02:02:54 am »
bump anyone?
What's odd is that I added it manually and I can resolve by IP, but by name it says it won't resolve. I then tried the name of the server with the domain and it shows the IP. So I thought it was the installation, so I did another installation from zero and got the same issue.
40
Directory and Authentication / Re: local admin GPO greyedout?
« on: December 23, 2020, 08:28:58 pm »
Thanks for the reply, yeah I guess I'm going to have to move to LAPS. Sucks how it's different from the normal GPO of local admin.
Thank you again
41
Directory and Authentication / local admin GPO greyedout?
« on: December 23, 2020, 03:39:28 am »
Hi,
I was wondering if someone else has had this issue with Zentyal 6.2. Not sure if it's Zentyal or Windows: I tried creating a local admin through GPO but the password is greyed out, which is very odd.
Thank you
https://imgur.com/6l5wC8K.png
42
Directory and Authentication / issue not resolving?
« on: December 22, 2020, 07:47:46 pm »
Hi, currently running Zentyal 6.2. What I noticed is that it cannot seem to resolve by IP, but by name it works.
Currently I have ticked the box Dynamic DNS Options, but not sure what I missed?
Code:
C:\Users\administrador.xx>nslookup
Servidor predeterminado: apolo.xx.local
Address: 192.168.100.200
> pc-23
Servidor: apolo.xxx.local
Address: 192.168.100.200
Nombre: pc-23.xx.local
Address: 192.168.100.59
> 192.168.100.59
Servidor: apolo.xx.local
Address: 192.168.100.200
*** apolo.xx.local no encuentra 192.168.100.59: Non-existent domain
just checked the logs and found this
Code:
Dec 22 13:51:34 apolo dhcpd[17404]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
and what's even odd is that I checked the DHCP service, which shows on, but on the WebGUI it shows stopped
Code:
root@apolo:~# service isc-dhcp-server status
● isc-dhcp-server.service - ISC DHCP IPv4 server
Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-12-22 13:50:16 -05; 3min 26s ago
Docs: man:dhcpd(8)
Main PID: 17404 (dhcpd)
Tasks: 1 (limit: 4620)
CGroup: /system.slice/isc-dhcp-server.service
└─17404 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf
Dec 22 13:53:30 apolo dhcpd[17404]: DHCPACK on 192.168.100.48 to f8:1f:32:c6:19:b4 via eth0
Dec 22 13:53:30 apolo dhcpd[17404]: Commit: IP: 192.168.100.49 DHCID: c0:cb:38:15:96:79 Name: PC-07
Dec 22 13:53:30 apolo dhcpd[17404]: execute_statement argv[0] = /usr/share/zentyal-dhcp/dhcp-dyndns.sh
Dec 22 13:53:30 apolo dhcpd[17404]: execute_statement argv[1] = add
Dec 22 13:53:30 apolo dhcpd[17404]: execute_statement argv[2] = 192.168.100.49
Dec 22 13:53:30 apolo dhcpd[17404]: execute_statement argv[3] = c0:cb:38:15:96:79
Dec 22 13:53:30 apolo dhcpd[17404]: execute_statement argv[4] = PC-07
Dec 22 13:53:30 apolo dhcpd[17404]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 32512
Dec 22 13:53:30 apolo dhcpd[17404]: DHCPREQUEST for 192.168.100.49 from c0:cb:38:15:96:79 (PC-07) via eth0
Dec 22 13:53:30 apolo dhcpd[17404]: DHCPACK on 192.168.100.49 to c0:cb:38:15:96:79 (PC-07) via eth0
https://imgur.com/QtTnZuL.png
43
Directory and Authentication / Re: Logon Script
« on: December 02, 2020, 12:31:51 am »
The script folder should be located in
\\192.168.3.150\sysvol\yourdomain\scripts
44
Directory and Authentication / Re: Logon Script
« on: December 01, 2020, 04:23:38 am »
did you install the GPO addon on a windows machine to deploy the script?
45
Directory and Authentication / Re: Samba issue with scan printer
« on: November 29, 2020, 01:02:18 am »
yeah i know it sucks but yeah it got resolved